Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Proposal Update received: Internet Number Resources Review by AFRINIC

ALAIN AINA aalain at trstech.net
Wed Nov 23 08:02:39 UTC 2016


hello,

inline...
> On Nov 22, 2016, at 6:16 PM, Seun Ojedeji <seun.ojedeji at gmail.com> wrote:
> 
> Sent from my LG G4
> Kindly excuse brevity and typos
> 
> On 22 Nov 2016 13:34, "sergekbk" <sergekbk at gmail.com <mailto:sergekbk at gmail.com>> wrote:
> >
> > Hello Seun,
> >
> >  Thanks for the suggestions,  but  i think that it is not necessary to reword the current version for the following reasons:
> >
> > - for 3.3.3.b, it is better to leave to AfriNIC staff to appreciate the severity  and threshold  level of alerts as stated by the current version.
> >
> SO: Well this would have been fine but in a unique environment that we find ourselves
> 
which unique environment ? what makes our environment so unique ?

> I think it's important to set minimum level of proof that is expected from the complainant. This ensures that significant level of homework has been done by whoever is raising a complain and maximises staff resources.
> 
hmmmm. Define all sort of use cases, abuses, frauds and incident reportable and the level of proof to qualify them?  
This seems like a good topic for an informational RFC
> Perhaps I should add that it may be good that such complain is limited and open to members alone (since those are the category with "direct stake" in this)
> 
The Internet Number Ressources(INR) are public ressources and the community at large is responsible for the management and good utilisation. Furthermore the INRs  being used  impact everyone and not only AFRINIC members. Report may come from AFRINIC members, but also  from end-users, operators, CERTS/CSIRTs, Law enforcement, community member, etc...

> and has a more reliable mean to verify source of the complainant.
> 
Why is the source so important  if the facts and evidences are good enough for the RIR ? 
In all cases AFRINIC will know and can verify the source.

> > - for 3.6 as long as the policy is in force, there must be a report as there's Random  class review.
> >
> > Also,  3.6 does  not prescribe  naming  members. It allows Afrinic staff to  decide  how to describe  the members, thus reviewed resources  and level of compliance. 
> >
> SO: Maybe I am the one not interpreting the current text well. Below is what it currently reads:
> 
> "AFRINIC shall publish an annual report describing the *members* which have been reviewed and their level of compliance."
> 
> 
It sound like the  term “members” in the section 3.6 is  the problem… The text shall then be amended to satisfy all.

"Describe the members” in AFRINIC context may at some point looks like:

A- How many members have been reviewed :

- By type:
 LIR, End-users, etc…

- By Category:
 Xlarge, Large, Medium, small, etc…

B- Type of ressources invloved:
    ASN, IPv4 ,IPv6

C- Level of compliance
> If indeed your intent is similar to mine then I see no reason why it should not be clearly stated in the proposal as I suggested(or in the line with that). I believe a proposal should be as unambiguous as much as possible.
> 
> 

We share the same vision here, but unambiguous does not mean make it  meaningless  and non evolutive. 

—Alain


> Regards
> 
> > Kind Regards.
> >
> >
> > Serge Ilunga
> > Cell: +243814443160
> > Skype: sergekbk
> > R.D.Congo
> > -------- Original message --------
> > From: Seun Ojedeji <seun.ojedeji at gmail.com <mailto:seun.ojedeji at gmail.com>>
> > Date: 11/20/2016 09:33 (GMT+01:00)
> > To: Dewole Ajao <dewole at forum.org.ng <mailto:dewole at forum.org.ng>>
> > Cc: rpd <rpd at afrinic.net <mailto:rpd at afrinic.net>>
> > Subject: Re: [rpd] Proposal Update received: Internet Number Resources Review by AFRINIC
> >
> > Hello,
> >
> > May I suggest rewording of section 3.3.3b and 3.6 to the following:
> >
> > 3.3.3b:
> >
> > ....Complaints shall be backed by evidence, such evidence must have a consistency duration of at least 3months and AFRINIC staff...."
> >
> > 3.6 Compliance Report
> >
> > As applicable, AFRINIC shall publish a summary of total number of unit address (or an approximate prefix) reviewed and their level of compliance.
> >
> > Sent from my LG G4
> > Kindly excuse brevity and typos
> >
> >
> > On 19 Nov 2016 22:09, "Dewole Ajao" <dewole at forum.org.ng <mailto:dewole at forum.org.ng>> wrote:
> >>
> >> Dear PDWG members,
> >>
> >> This is to inform you that authors of the policy proposal named "Internet Number Resources Review by AFRINIC" have submitted an updated version as displayed below. PDWG section of AFRINIC website will be updated in due course. 
> >>
> >> Thank you.
> >> PDWG Co-Chairs
> >>
> >>
> >> ------------------------[Proposal Header]-----------------------
> >>
> >> Unique identifier: AFPUB-2016-GEN-001-DRAFT03
> >>
> >>
> >> Draft Policy Name: Internet Number Resources Review by AFRINIC
> >> Author(s)
> >>      (a) Arnaud A. A. AMELINA | arnaud.amelina at auf.org <mailto:arnaud.amelina at auf.org> | AUT.TogoRER
> >>      (b) Serge ILUNGA KABWIKA | sergekbk at gmail.com <mailto:sergekbk at gmail.com> | Vodacom Congo SA
> >>      (c) Jean-Baptiste MILLOGO | jbmillogo at gmail.com <mailto:jbmillogo at gmail.com> | Airtel Burkina
> >>      (d) DAHMANI ZAAFOURI Wafa | wafa at ati.tn <mailto:wafa at ati.tn> | ATI 
> >>
> >> Draft Policy 
> >>
> >> Submission Date : 19 Nov. 2016
> >>
> >> Related Policies (where applicable)
> >> Obsoletes : None
> >> Amends : None
> >>
> >> ------------------------[Proposal Header]-----------------------
> >>
> >>
> >> 1. As Internet Number resources are finite, their allocation is based on the operational needs of end-users and Internet Services Providers, while avoiding stockpiling in accordance with RFC7020, IPv4 Allocation Policy CPM 5.5, IPv6 Allocation and assignment policy CPM 6.5 and Policy for Autonomous System Numbers (ASN) Management in the AFRINIC region CPM 7.0.
> >>
> >> Section 4 of the Registration Service Agreement (RSA) provides the framework for investigations of the usage of allocated Internet Number resources, defines members’ obligation to cooperate and the measures to be taken by AFRINIC in case of failure to comply. 
> >>
> >> The lack of such investigation or regular control can lead to inefficient usage of the Internet Number resources, to stockpiling and other type of abuses.
> >>
> >>  
> >> 2.0 Summary of How this Proposal Addresses the Problem
> >>
> >> In order to ensure efficient and appropriate use of resources, AFRINIC shall conduct regular reviews of resource utilization held by its members. This would allow recovery of any type of resource, where usage is not in compliance with the RSA. Those resources can be reallocated for better usage.
> >>
> >>  
> >> 3.0 Proposal
> >>
> >> 3.1 The reviews shall be based on compliance with the terms outlined in the RSA and Allocation/Assignment Policies.
> >>  
> >>
> >> 3.2 The reviews cover all allocated/Assigned resources, but priority goes to IPv4 and ASN mappable to two-octet ASN.
> >>  
> >>
> >> 3.3 Classes of review: Members to be reviewed shall be selected according to the following classes: 
> >>
> >> 3.3.1 Random: The member is chosen by AFRINIC at random between members of the following categories:
> >>
> >>     - Medium and above
> >>     - IPv6-only Large
> >>     - EU-AS 
> >>
> >> 3.3.2 Selected:
> >>
> >> A member is selected because of an internal report or due to a lack of contact between the AFRINIC and the member. 
> >>
> >> 3.3.3 Reported: Here, members are reviewed either because:
> >>
> >>     a. They have requested the review themselves or
> >>     b. There has been a community complaint made against them that warrants investigation. Complaints shall be backed by evidence and AFRINIC  staff  shall evaluate the facts as appropriate to conduct the review. However this review is not applicable to a member  with the same resources portfolio on which a full review has been completed in the preceding 24 months.
> >>  
> >>
> >> 3.4 In case of non-compliance and if evidence has been established in accordance with the non-exhaustive list below:
> >>
> >>     - Unjustified lack of visibility of the resource on the global routing table.
> >>     - Breach of AFRINIC policies.
> >>     - Breach of the provisions of the registration service agreement or other legal agreements between the organization holding the resource and AFRINIC.
> >>     - Evidence that an organisation is no more operating and its blocks have not been transferred.
> >>         - Unauthorized transfers of resources.
> >>
> >> AFRNIC shall initiate the resource recovery process. 
> >>
> >> AFRINIC shall attempt to contact the organisation and correct any discrepancy towards the RSA. If the situation cannot be rectified, AFRINIC shall publish the resources to be recovered for a period of three (3) months; during which the organisation may at any time, seek compliance. After this period, the resource shall be recovered and therefore the records of the previous holder of the recovered resource shall be removed from AFRINIC’s databases.
> >>
> >> Any Internet Number Resources recovered under this policy may be assigned/allocated under existing Allocation and Assignment Policies.
> >>  
> >>
> >> 3.5 Appeal procedure
> >>
> >> The review shall be conducted in full transparency and neutrality. But if the result of the review does not appear to be fair, the reviewed members has the right to appeal against the result. Appeals shall follow an arbitration process as defined by AFRINIC, which shall publish the process and the pool of arbitrators who shall be knowledgeable volunteers from the community.
> >>  
> >>
> >> Outcome of the arbitration process are unequivocal
> >>  
> >>
> >> 3.6 Compliance Report
> >>
> >> AFRINIC shall publish an annual report describing the members which have been reviewed and their level of compliance.
> >>  
> >>
> >> 3.7 Acknowledgement
> >>
> >> - The authors thank Mr. Alain AINA for his contribution in the development of this Policy proposal.
> >> - The authors also thank the community for the discussions and contributions.
> >>
> >> 4.0 Revision History
> >>
> >> 18 May 2016 Version 1.0 
> >>
> >> First Draft AFPUB-2016-GEN-001-DRAFT01 Posted on RPD list
> >>
> >> 05 Aug 2016 Version 2.0 
> >>
> >>     - Change on the policy’s name
> >>     - Addition of the Acknowledgement section
> >>     - Rephrasing of section 3.3.3
> >>
> >> 19 Nov 2016 Version 3.0 
> >>     - Update of section 3.3.3 from discussions on mailing list
> >>     - Update of section 3.7 (Aknowledgement) to thank the community for discussions and contributions
> >>
> >>  
> >> 5.0 References
> >>
> >> https://tools.ietf.org/html/rfc7020 <https://tools.ietf.org/html/rfc7020>
> >> http://afrinic.net/en/services/rs/rsa <http://afrinic.net/en/services/rs/rsa>
> >> http://www.afrinic.net/library/policies/126-policy-ipv4-address-allocation-policies <http://www.afrinic.net/library/policies/126-policy-ipv4-address-allocation-policies>
> >> http://www.afrinic.net/en/library/policies/122-afpub-2013-v6-001 <http://www.afrinic.net/en/library/policies/122-afpub-2013-v6-001>
> >> http://www.afrinic.net/en/library/policies/124-afpub-2004-asn-001 <http://www.afrinic.net/en/library/policies/124-afpub-2004-asn-001>
> >>
> >>
> >>
> >> _______________________________________________
> >> RPD mailing list
> >> RPD at afrinic.net <mailto:RPD at afrinic.net>
> >> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
> >>
> 
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20161123/525b4de3/attachment-0001.html>


More information about the RPD mailing list