[AfriNIC-rpd] Policy Proposal: End user classification for Universities

[Seun Ojedeji]

Hello Owen,

So if I get you right, your own description of administrative control is
having full  access of user access devices and not even network related.
If that is the case then I rest my case and wish you all the best with your
strange analogy.

Regards

OS
sent from google nexus
On Jun 29, 2012 10:55 PM, "Owen DeLong" <owen at delong.com> wrote:

>
>
> Sent from my iPad
>
> On Jun 29, 2012, at 4:46 PM, Seun Ojedeji <seun.ojedeji at gmail.com> wrote:
>
>
> On Jun 29, 2012 1:20 PM, "Owen DeLong" <owen at delong.com> wrote:
> >Policy at ARIN is much like that of AfriNIC. If you are assigning
> addresses to external entities, you are an LIR. If you are not, you are an
> end-user.
>
> You have summed this up perfectly, and I think the phrase "external
> entities" is what needs to be put in perspective. As far as each Nigeria
> institution is concerned, it does not classify it's faculties, departments,
> staff quarters, classrooms, dorms, and admin blocks as external entities.
> So that makes us an end user right?
>
> Not necessarily... Do you have a policy and/or any enforcement mechanism
> which prevents students from deploying routers in their dorms and/or
> prevents your faculty from deploying their own routers in their staff
> quarters and running their own subordinate networks with or without your
> knowledge?
>
> If not, then I don't see how you can claim those are not external entities
> just as any other residential ISP.
>
>  For the most part, ARIN allows for organizations to self-select a
> category, but, there are also advantages and disadvantages associated with
> each category which tend to push organizations into selecting the correct
> category to avoid boxing themselves into an uncomfortable corner later.
>
> Sure everything has pros and cons and the option for a university to
> either sign up for end user or LIR is there, hence the reason why SF gave
> an example of a university being an ISP. The point is if I opt for end user
> option, why should I be denied and given only LIR option when I am not
> providing service to an external entity (using how external entity is
> viewed by law in my institution).
>
>
> See my above clarification of external entity. Unless you allow staff
> quarters and/or students in dorms to order service from competing ISPs in
> lieu of connecting to your network and/or have some way to prevent them
> from installing and operating their own network facilities attached via
> routers you do not control connected to your network, then, whether you are
> aware of it or not, you are, in fact, providing addresses to devices not
> under your administrative control.
>
> I don't know whether AfriNIC's interpretation of the phrase external
> entities matches mine or not, but, I think you would be hard pressed to
> argue that my interpretation is not at least one valid interpretation.
>
> Bottom line, IMHO if you have administrative access to every device that
> receives one of your numbers, then you are an end-user. If you delegate
> your numbers to devices you do not control, then you are an LIR whether you
> realize it or not and whether you are recorded as such or not.
>
> To the best of my knowledge, you are unlikely to have administrative
> access to the laptops, ipads, iphones, ipods, desktop computers, routers,
> switches, blu-ray players, playstations, xboxes, and other IP consuming
> devices that your students and/or faculty deploy within their rented spaces
> in your residential facilities. If your faculty and students are required
> to surrender such administrative access to the university, then I stand
> skeptical, but corrected.
>
> At this point, it can only make sense of AfriNIC note points me to their
> own policy terms which defines external policies as different from the way
> I understood it.
> >
>
> >
> > You would not say that an apartment complex which provides internet to
> every apartment is an end-user, (or at least I would not), but, would
> classify them as an LIR because they provide addressing to support networks
> which are not within their administrative control.
> >
> How do you mean the networks are not within administrative control...Owen
> the service is not stationary it's suppose to be distributed to all the
> university community users and ofcourse they will require IP address to
> connect to the university network. So if I shutdown for instance my dhcp
> server, will they still be able to use the service? Is that not me
> controlling the network?
>
>
> Yes, unless your DHCP server is associated with some form of NAC, ala what
> happens in DOCSIS, they can forge an address if necessary or continue using
> their old lease until it expires (and possibly beyond on some clients).
>
> The bigger question is -- can you authoritatively change the network
> configuration of the device without the end user's additional permission or
> consent?
>
> I'm not sure what you mean about "the service is not stationary". The
> ethernet jack in a dorm room (if such exists) is most certainly stationary.
> If it's not an ethernet jack, then the WAP(s) in the dorm building are also
> stationary though they may be part of a larger wireless network that
> affords mobility to (some of) its clients.
>
> I did not say you didn't control the network. I said you are assigning
> addresses to devices you do not control.
>
> An end-user, such as most enterprises actually retains administrative
> control over the laptops that the company provides to its employees. I will
> admit that the new trend towards BYOD in the enterprise creates a
> significant grey area and the blurring of the line created by that grey
> area might shift the line to encompass such university networks eventually,
> but, I tend to doubt it.
>
> I still stand by drawing the division based on whether the device you
> assign an address to might be a router which you do not control that
> supports a network topology behind said router outside of your control,
> whether you know about it or not. In the enterprise, this is (almost
> always) prohibited by policy and considered a "firing offense" enforced by
> human administration and not technology, but enforced nonetheless.
>
> In the case of a dorm room and/or a faculty housing unit, I would say that
> the likely deployment of a router is probably the rule rather than the
> exception.
>
> > After it hits the first router in the dorm-room, anything behind that is
> not within the university's administrative control.
>
> Ah! Are you kidding me. Who bought the router and placed it there in the
> first place? who provided IP service to the router. I think you are using
> the term administrative control wrongly(this is basic networking).
>
> The student or faculty member occupying the dorm. A linksys or netgear or
> d-link router can be had for about US$40. It probably got its address for
> its upstream port from your DHCP server and uses RFC-1918 space chosen
> either by vendor default or by the occupant of said residence for the
> downstream network(s).
>
> Are you kidding me?
>
> Do you really purport to claim that students can't/don't/won't do this?
>
> Hence, I argue that dorms are, in fact, external connections where the
> university is acting as an ISP.
>
>
> I think you were either misunderstanding what I was talking about or you
> have a very creative idea of what constitutes administrative control. A
> residential ISP (DSL, Cable, PON, 3G/4G, whatever) can turn off a household
> by turning off their upstream facilities. That does not mean they control
> the have administrative control of the devices within the household or that
> they are not an ISP.
>
> >
> As a matter of fact, most internet users are ISP in practical (not in
> policy) cos you could just share your pppoe connection in your household.
>
>
> Generally, you have administrative control of every device within your
> household. If you are getting multiple IP addresses from your provider via
> that PPPoE connection and distributing them to your neighbor, then, you
> are, in fact, an ISP and an LIR. However, you are an LIR subordinate to
> another LIR and not an AfriNIC direct allocation, so, it becomes largely
> irrelevant whether AfriNIC would consider you an LIR or EU.
>
> >
> > IMHO there are policy issues which go beyond price.
> >
> And what are the policy issues that goes beyond pricing on the current
> subject matter.
> >
> I am gonna assume Owen is just having fun and not responding based on
> facts and realities on ground. This issue is of importance to African
> universities and I urge you to be objective on this matter. Many
> universities are still looking to one day when they did be able to sign up
> for their space and if the cost is by anyhow further increased, it gives we
> engineers more though time to
>
> Quite the contrary. Policy affects the requirements for registration of
> downstream assignments and allocations, contents of the whois database, the
> nature of your relationship with other ISPs in some cases, and more. All of
> these go beyond the price you pay to AfriNIC for your registration services.
>
> convince the school admins to pay that much for what is unseen!
>
> As I said, I do not oppose the idea of a fee structure for educational
> institutions that removes the pricing considerations. However, I do believe
> that assigning residential occupants addresses which are used to provide
> internet access to devices not owned by or administered by the university
> and still claiming to be an end user is side-stepping the intent and the
> plain text meaning of the policy, whether that is allowed or not.
>
> I hope you will identify with my views.
>
> I understand your views and I sympathize with your pricing concerns.
> However, the clean solution to that is to correct the pricing but recognize
> that the policies should apply consistently even if the pricing contains an
> exception for universities and possibly other forms of non-profit
> community-benefit networks.
>
> Owen
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20120629/e2f50048/attachment.html>