[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"
Andrew Alston
Andrew.Alston at liquidtelecom.com
Tue Jun 27 17:45:28 UTC 2017
Tutu,
Sorry, but you honestly do not know what you are talking about here.
Firstly – there is information that can be disclosed to AfriNIC – and there is information contained in systems that will NEVER be disclosed – particularly because AfriNIC does not have NDAs with its members (and a few years ago, I tried to get one signed to provide them information they asked for – they refused – though that situation may have changed under the new management).
Secondly – there is absolutely no way for AfriNIC to verify any information in an audit without substantial access to sensitive information – information which AfriNIC can provide zero assurances is going to be safely kept and guarded – and that is access that no large commercial company will grant any RIR without serious paperwork in place. And the agreement in the RSA about confidentiality – quite frankly – doesn’t cut it – no way – no how.
Thirdly – I can put any information I like into a management system – would it be trusted? Where is the line – there is only one ground truth – what is configured and running on the devices. When you are running a network of 20+ thousand potential IP enabled devices that are routing multiple blocks, are running tens of thousands of customers with static assignments, when the base routing tables don’t tell even a fraction of the story because of space inside vrf’s, and sometimes even inside CinC VRF’s – to even COMPILE that information into a form that is sanitized enough that it could be given to an untrusted third party (which is what AfriNIC is in this case) is time consuming, a massive drain on resource, and expensive.
I have PERSONALLY conducted proper deep IP audits in the past on three networks – NONE of them took less than a month to complete – and that was with a lot of dedicated hard working resources that cost a fortune – and that is when the information is being compiled straight into a secured system and does not need to be sanitized for consumption by an external party who cannot be held accountable should the information disclosed be leaked.
So sorry Tutu – you are just flat wrong here.
Andrew
From: Tutu Ngcaba [mailto:pan.afrikhan at gmail.com]
Sent: 27 June 2017 20:36
To: Andrew Alston <Andrew.Alston at liquidtelecom.com>
Cc: AfriNIC List <rpd at afrinic.net>
Subject: Re: [rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"
On 27 Jun 2017 4:36 p.m., "Andrew Alston" <Andrew.Alston at liquidtelecom.com> wrote:
Audits cost time – Audits cost money – the bigger the organization and the more resource involved – the larger the cost – and someone has to pick up those costs. Under the current policy – if the audit is proved to be futile – money will have been wasted – LARGE amounts of it – and since the policy refuses to disclose who ASKED for the audit in the first place – the organisation being audited has no recourse against fallacious accusations – and yes – that may well get AfriNIC sued.
Brother Andrew,
No, you are making it look like it's this big huge task to complete. The Afrinic employees, they get paid a salary to work. They shall do it. If your company is organised very, very well and it has got monitoring and management system tools, it is a simple task of showing from this system. Afrinic has a system like the whois which can show management and the allocated IP addresses. This is why even spam people are easy to catch if they abuse, because the management system of whois can quickly tell which IP address was used to spam. So it is easy to even audit the Afrinic using the whois.
While I realize from some entirely naïve academic perspective auditing IP resources might sound like a simple task – it isn’t – always that simple – because the definition of audit says verify – and organisations that have thousands and thousands of assignments will need significant resources and money to complete such a task – a cost that must be borne by someone.
Did you not have these monitoring tools and the ones for logs, like Nagios, like Cacti, like ip-plan, like the graphing tools for all the IP addresses in use in your company as an ISP? This will make it simple for you to record which IP addresses are used and which are not used per customer.
What kind of ISP will not know which IP address it has given to the customer to be used? This is what is easy to show very quickly when an audit happens.
As for the complaints about the Chinese involvement – say what you like, if a member is here on this list and objecting – they have every right to do so – enshrined in the PDP is that ALL members of the community have a say and consensus must be based on ALL members, not those we like, those we agree with, those that speak our language, those that live in our countries, THE ENTIRE COMMUNITY.
But they will lie, bra, and some will be afraid like they hide something. I have seen one member say their company is giving internet to a billion people of Africa. Can you believe this kind of lies?
Best Regards,
Tutu Ngcaba