Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

Owen DeLong owen at
Thu Jun 29 12:26:34 UTC 2017

> On Jun 27, 2017, at 10:36 AM, Tutu Ngcaba <pan.afrikhan at> wrote:
> On 27 Jun 2017 4:36 p.m., "Andrew Alston" <Andrew.Alston at <mailto:Andrew.Alston at>> wrote:
> Audits cost time – Audits cost money – the bigger the organization and the more resource involved – the larger the cost – and someone has to pick up those costs.  Under the current policy – if the audit is proved to be futile – money will have been wasted – LARGE amounts of it – and since the policy refuses to disclose who ASKED for the audit in the first place – the organisation being audited has no recourse against fallacious accusations – and yes – that may well get AfriNIC sued.
> Brother Andrew,
> no you are making it looked like its this big huge task to complete. the Afrinic employee they get paid salary to work. they shall do. if your company is organised very very well and like its gotta this monitoring and the management systems tools, it is simple task of showing from this system. the afrinic has system like the whois which can show management and the allocated ip address. this is why even spam people easy to catch if they abuse because management system of whois can tell quick which ip address used to spam. so easy to even audit the afrinic using the whois.

This is absurd. Processing internal records and organizing them for presentation to auditors takes time and costs money, no matter how well organized your business is. The effort (and therefore time and money involved) is generally proportional to the volume of records being released. Beyond that, organizations grow organically over time. Handoffs are never 100% clean as positions turn over among different people. Large organizations often have fragmentation of records in that lots of different sub-parts of the organization may maintain independent relationships with the RIR(s) as well.

It can be a monumental task to try and pull all of this back together after years of organic growth even in the best of organizations.

Organizations that are monolithic and/or small can usually deal with this fairly easily. Organizations that have grown through multiple acquisitions and years of different employees managing different aspects of things with organic turnover in those roles, OTOH, have a much harder time.

> While I realize from some entirely naïve academic perspective auditing IP resources might sound like a simple task – it isn’t – always that simple – because the definition of audit says verify – and organisations that have thousands and thousands of assignments will need significant resources and money to complete such a task – a cost that must be born by someone.
> did you not have this monitoring tools and the ones for logs. like nagios, like the cacti, like the ip-plan, like the graphings tools for all the ip address in usage in your company as isp. this will make it simple for you to record ip address used and which is not used per the customers.
> what kind of ISP will not know which ip address it given to the customer to be used?  this is what can easy to show when audit happened very quickly.

It’s not necessarily  a matter of not knowing, but of having all of that data organized in a format which can be provided orderly and timely to an external entity without disclosing privileged information. I suspect you know this and that if you thought Seacom were about to get audited you might well be singing a different tune here.

>  As for the complaints about the Chinese involvement – say what you like, if a member is here on this list and objecting – they have every right to do so – enshrined in the PDP is that ALL members of the community have a say and consensus must be based on ALL members, not those we like, those we agree with, those that speak our language, those that live in our countries, THE ENTIRE COMMUNITY.
> but they will lie bra and some will be afraid like they hide something. I seen one member say their company giving internet to a billion people of Africa. can you believe this kind of lies.


Can we move beyond ad hominem and hyperbole and try to have a rational discussion of the issues?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list