Search RPD Archives
[rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)"
Andrew.Alston at liquidtelecom.com
Sun May 22 06:12:50 UTC 2016
Unless there are details as to
A.) How this will be accomplished
B.) What level of information / access AfriNIC can ask for to to do this
C.) How the additional cost of the resources required to implement this policy are to be covered
D.) What sort of complaints are covered by 3.3(c)
I will strongly oppose this policy – it is impractical, unenforceable and hugely open to abuse. Organisation X doesn’t like Organisation Y, Organisation X goes to AfriNIC and goes “omg I think someone is not using their space properly”, Organisation Y is now under audit and wasting valuable time and effort when its entirely possible their space usage is entirely legitimate. Not to mention wasting AfriNIC time and resources.
As regards to point (B), what are you going to ask for? An addressing plan? Proof of infrastructure? Some vague log files? If they could have lied on their application, what is stopping them lying on this stuff? Or are you proposing AfriNIC actually log into their equipment and check their usage? If the latter – the answer is flatly no, not until AfriNIC signs water tight NDA’s and water tight liability contracts that says if they screw anything up, expose anything etc, they accept the liability for all of it – and since AfriNIC doesn’t have CLOSE to the resources to cover such liability hat ain’t going to happen.
Seriously – lets get real for a second – let go of the absolute paranoia that’s floating around and realise IPv4 is dead, move on, get some v6, and stop stressing ourselves out about v4 (and wasting precious time and resources trying to micro manage something that should be 6 foot under the ground already)
(Hence, I retract my “Unless there are details as to…” and replace it with “I oppose this policy, in entirety, for all the reasons stated above”
From: Seun Ojedeji <seun.ojedeji at gmail.com<mailto:seun.ojedeji at gmail.com>>
Date: Saturday, 21 May 2016 at 9:53 AM
To: rpd <rpd at afrinic.net<mailto:rpd at afrinic.net>>
Subject: [rpd] New Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)"
We have received a new policy Proposal - "Internet Number Resources Audit by AFRINIC (AFPUB-2016-GEN-001-DRAFT01)"
Draft Policy name: Internet Number Resources Audit by AFRINIC
Unique identifier: AFPUB-2016-GEN-001-DRAFT01
Status: Under Discussion
Submission Date: 18 May 2016
Authors: Amelina Arnaud, Ilunga Kabwika Serge, Jean-Baptiste Millongo
As Internet Number resources are finite, their allocation is based on the operational needs of end-users and Internet Services Providers while avoiding stockpiling in accordance with RFC7020, IPv4 Allocation Policy (AFPUB-2005-V4- 001), IPv6 Allocation and assignment policy (AFPUB-2013-v6-001) and Policy for Autonomous System Numbers (ASN) Management in the AFRINIC region (AFPUB-2004-ASN-001).
Section 4 of the Registration Service Agreement (RSA) provides the framework for investigations of the usage of allocated Internet Number resources, defines members’ obligation to cooperate and the measures to be taken by AFRINIC in case of failure to comply.
The lack of such investigation or regular control can lead to inefficient usage of the Internet Number resources, to stockpiling and other types of abuse.
2) Summary of How this Proposal Addresses the Problem
In order to ensure efficient and appropriate use of resources, AFRINIC shall conduct regular audits of resource utilisation held by its members. This would allow recovery of any type of resource, where usage is not in compliance with the RSA. Those resources can be reallocated for better usage.
3.1) The audits shall be based on compliance with the terms outlined in the RSA and Allocation/Assignment Policies.
3.2) The audits cover all allocated or Assigned resources, but priority goes to IPv4 and ASN mappable to two-octet ASN.
3.3) Classes of audit:
Members to be audited shall be selected according to the following classes:
The member is chosen by AFRINIC at random between members of the following categories:
Medium and above
A member is selected because of an internal report or due to a lack of contact between the AFRINIC and the member.
The members have requested the audit themselves or there has been a community complaint made against them that requires investigation.
3.4 In case of non-compliance and if evidence has been established in accordance with the non-exhaustive list below:
a) Unjustified lack of visibility of the resource on the global routing table.
b) Breach of AFRINIC policies.
c) Breach of the provisions of the registration service agreement or other legal agreements between the organisation holding the resource and AFRINIC.
d) Evidence that an organisation is no more operating and its blocks have not been transferred.
e) Unauthorised transfers under the provisions of the policies.
AFRNIC shall initiate the resource recovery process.
AFRINIC shall attempt to contact the organisation and correct any discrepancy towards the RSA. If the situation cannot be rectified, AFRINIC shall publish the resources to be recovered for a period of three (3) months; during which the organisation may at any time, seek compliance. After this period, the resource shall be recovered and therefore the records of the previous holder of the recovered resource shall be removed from AFRINIC databases.
Any Internet Number Resources recovered under this policy may be assigned/allocated under existing Allocation and Assignment Policies.
3.5 Appeal procedure
The audit shall be conducted in full transparency and neutrality. But if the result of the audit does not appear to be fair, the audited members has the right to appeal against the result. Appeals shall follow an arbitration process as defined by AFRINIC, which shall publish the process and the pool of arbitrators who shall be knowledgeable volunteers from the community.
Outcome of the arbitration process are unequivocal and without appeal.
3.6 Compliance Report
AFRNIC shall publish an annual report describing the members which have been audited and their level of compliance.
4.0 Revision History
18 May 2016: First Draft AFPUB-2016-GEN-001-DRAFT01 Posted on RPD list
1. Policy Development process: http://afrinic.net/en/community/policy-development
Sami Salih & Seun Ojedeji
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the RPD