Search RPD Archives
[rpd] New proposal - "Out-Of-Region Use of AFRINIC Internet Number Resources" (AFPUB-2014-GEN-002-DRAFT-01)
ondouglas at gmail.com
Sat Jul 5 21:16:45 UTC 2014
Sorry my response is coming late, but Owen's response here captures my
sentiment accurately. Please consider this the author's views as well.
On 5 July 2014 16:09, Owen DeLong <owen at delong.com> wrote:
> 1) Summary of the Problem Being Addressed by this Policy Proposal
> Currently, AFRINIC policies do not explicitly allow or disallow
> Out-Of-Region use of Internet number resources. This silence on an important
> facet of number resource management jeopardizes administration by leaving
> staff to arbitrarily decide how to handle Out-Of-Region requests. The
> imminent exhaustion of IPv4 aggravates the situation because it is
> anticipated that organizations from other regions will have more incentive
> to exploit this and any other loophole in AFRINIC polices to acquire
> resources for sale or use outside the region - a practice that is not in
> AFRINIC's best interests.
> Firstly, I have stated before, and I will state again, having the amount of
> space AfriNIC has available and the low allocation rates is equally not in
> our interests. The financial situation in AfriNIC as highlighted in the
> last two meetings is also not in our interests. So, while I agree that
> having the resources used outside of our region may not be in the best
> interests of the african continent, this is what I would consider a
> dialectic. Will this policy actually prevent resources flowing out of the
> region or will it simply encourage fraudulent applications and falsified
> whois entries and records? I would argue the latter rather than the former.
> You offer this as a dichotomy where none exists.
> Instead, there is a very wide range of possibilities between the two. Likely
> there will be some falsified/fraudulent applications, but this policy
> provides for AfriNIC to revoke the resources in such cases once they are
> OTOH, I do believe it will also prevent resource exodus to some extent. In
> part, where things fall in the range between no prevention and all
> fraudulent requests vs. all prevention and no fraudulent requests will
> depend on the diligence and effectiveness of the AfriNIC staff.
> While I realize you posted this in your personal capacity, I would expect a
> board member to show a greater level of confidence in the AfriNIC staff, or,
> I would expect him to take actions to restore confidence.
> 2) Summary of How this Proposal Addresses the Problem
> This policy allows up to 40% of Internet number resources in use by a member
> to be outside the region. It also tries to be a disincentive for
> organizations from other regions that want to acquire resources from AFRINIC
> for use in ways that are not in line with AFRINIC's best interests.
> I do not like the phrasing that says "ways that are not inline with
> AFRINIC's best interests" . AfriNIC's mandate is to allocate resources to
> entities in the region who need them. How those organisations utilise that
> space is immaterial to AfriNIC so long as the space is being used. While I
> believe I understand the INTENT behind the phrasing, the phrasing itself is
> rather ambiguous and I would like to see it re-worded.
> I'll point out that is part of the problem description and not part of the
> policy itself, so I think it's a fine statement of intent and getting
> wrapped around the axle about it is not useful in considering the policy
> b. Notwithstanding (3.a), the number resources used outside the region at
> any given point in time shall not exceed 40% of the total space in use by a
> member. Total space in use shall be calculated as follows: if x be the
> allocation/assignment size; and x-y the amount of space in use at time z,
> then 40% of (x-y) shall be the ceiling).
> Again, my problem with this is the lack of enforceability. Vast stretches
> of this continent are still served by Satellite, and are also running on
> high latency low capacity links. It is therefore virtually impossible to
> determine where the space is actually being used. If I have a satellite hub
> in Europe with a thousand downstream customers all in central Africa, the
> hub is uplinked to a european provider, and the hub is originating the
> space, but the space is being used by the downstream customers in Africa,
> traceroutes to those customers from Africa are going to go via Europe, the
> BGP adjacencies are going to show the space being announced entirely to
> European providers, but the space is still used in Africa and latency to the
> space in Africa is going to be in the couple of hundred millisecond mark.
> Conversely, if I state in whois records the space is in Africa but announce
> it elsewhere in the world and set the right RDNS, how is anyone going to
> PROVE otherwise? Again, all this does is lead to falsified whois records.
> You've actually shown that it's fairly easy to detect these satellite based
> links by their latency. I don't think that the inability to detect all
> potential cases of fraud is a good reason to avoid implementing good policy.
> In all cases, RIR policy counts on the generally good actions of the
> majority of the community and this is no different. No matter what we do
> with policy, organizations willing to commit fraud are likely to commit
> fraud. If you have ideas for making this policy less susceptible to fraud,
> then let's hear those. Otherwise, I don't see the potential for fraud as a
> reason to avoid implementing the policy.
> c. AFRINIC staff shall at their discretion, and using whatever means are
> available, assess compliance with 3.a/b.
> This is far to ambiguous for me, host masters are trained to evaluate the
> legitimacy of requests. They are NOT network engineers, and as stated in
> the above example, evaluation of these things can be complex and require a
> fair amount of skill to figure out where things are being used. If we're
> going to pass a policy like this, then how these checks are done and to
> avoid complex and time consuming fights needs to be clearly spelt out.
> Or perhaps too ambiguous?
> I don't see anything in 3a or 3b which would require any real knowledge of
> network engineering knowledge. I think AfriNIC staff is perfectly capable of
> developing the necessary procedures and processes and performing the staff
> training that would be required by this policy. I don't think that those
> details belong in the policy text.
> f. This policy shall apply to past, present and future
> allocations/assignments made by AFRINIC.
> I have an issue with this, and there is precedent. Legacy space is not
> bound by the same rules as new allocations because it was allocated before
> those rules were implemented. When laws are introduced in a legal system,
> or penalties for a crime are decreased or increased, it is not applied
> retroactively. I would argue that applying this policy retroactively on
> already allocated space cannot be done.
> Yes and no. An action that wasn't illegal when you took it cannot be
> punished (no laws of ex post facto), however, that's not what is being
> addressed here.
> For example, laws which govern property rights usually apply to existing
> property owners' continued use of that property. For example, a municipality
> that passes a law requiring you to maintain your front yard to certain
> standards cannot prosecute you or fine you for how your yard looked a year
> before the law was implemented, but they can and will prosecute and/or fine
> you if your yard does not meet those standards after the law is put into
> I see no difference between this policy and the above situation with
> property rights. It remains to be seen whether legacy space is or is not
> subject to the same rules as new allocations if, as a community, we should
> happen to choose to apply them. However, legacy space is not covered by the
> phrase in this policy. It clearly states past/present/future
> allocations/assignments "MADE BY AFRINIC" (emphasis added). Legacy
> assignments/allocations, by definition, were not made by AfriNIC.
> Further I don't believe that the way to resolve the low utilization rate in
> the AfriNIC region is by giving away the resources for out of region use. As
> you know, resolving the low utilization rate is a complex problem which will
> take time, educational outreach, and other efforts to resolve. Getting rid
> of the resources to other utilizations elsewhere will prevent those
> resources from getting utilized in region when the desire for in-region use
> rpd mailing list
> rpd at afrinic.net
Douglas Onyango, PRINCE 2, ITILv3
UG: +256 776 716 138 | NG: +234 706 202 8375
More information about the RPD