Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call for "AFPUB-2016-GEN-001-DRAFT-04 - Internet Number Resources Review by AFRINIC"

David Hilario d.hilario at
Wed Jul 12 10:41:21 UTC 2017


You had the registration services of these two RIR at an AFRINIC
meeting commenting on that very topic.
The video is online, I even gave you the time stamp from just before
they start talking.

Please listen to them...and do request their comments if you believe
they lied during the AFRINIC meeting in Mauritius.

But continuing to claim that this would put AFRINIC on par with these
RIR is simply untrue in terms of audit/review policy.

David Hilario

IP Manager

Larus Cloud Service Limited

p: +852 29888918  m: +359 89 764 1784
f: +852 29888068
a: Flat B5, 11/F, TML Tower, No.3 Hoi Shing Road, Tsuen Wan, HKSAR
e: d.hilario at

On 12 July 2017 at 13:28, Noah <noah at> wrote:
> Hi David,
> Please make me understand both the ARIN and RIPE NCC references below which
> are related to INR reviews in each of their respective regions.
> And below is the content of ARIN NRP section 12.
> 12. Resource Review
> ARIN may review the current usage of any resources maintained in the ARIN
> database. The organization shall cooperate with any request from ARIN for
> reasonable related documentation.
> ARIN may conduct such reviews:
> when any new resource is requested,
> whenever ARIN has reason to believe that the resources were originally
> obtained fraudulently or in contravention of existing policy, or
> whenever ARIN has reason to believe that an organization is not complying
> with reassignment policies, or
> at any other time without having to establish cause unless a full review has
> been completed in the preceding 24 months.
> At the conclusion of a review in which ARIN has solicited information from
> the resource holder, ARIN shall communicate to the resource holder that the
> review has been concluded and what, if any, further actions are required.
> Organizations found by ARIN to be materially out of compliance with current
> ARIN policy shall be requested or required to return resources as needed to
> bring them into (or reasonably close to) compliance.
> The degree to which an organization may remain out of compliance shall be
> based on the reasonable judgment of the ARIN staff and shall balance all
> facts known, including the organization's utilization rate, available
> address pool, and other factors as appropriate so as to avoid forcing
> returns which will result in near-term additional requests or unnecessary
> route de-aggregation.
> To the extent possible, entire blocks should be returned. Partial address
> blocks shall be returned in such a way that the portion retained will
> comprise a single aggregate block.
> If the organization does not voluntarily return resources as requested, ARIN
> may revoke any resources issued by ARIN as required to bring the
> organization into overall compliance. ARIN shall follow the same guidelines
> for revocation that are required for voluntary return in the previous
> paragraph.
> Except in cases of fraud, or violations of policy, an organization shall be
> given a minimum of six months to effect a return. ARIN shall negotiate a
> longer term with the organization if ARIN believes the organization is
> working in good faith to substantially restore compliance and has a valid
> need for additional time to renumber out of the affected blocks.
> In case of a return under paragraphs 12.4 through 12.6, ARIN shall continue
> to provide services for the resource(s) while their return or revocation is
> pending, except any maintenance fees assessed during that period shall be
> calculated as if the return or revocation was complete.
> This policy does not create any additional authority for ARIN to revoke
> legacy address space. However, the utilization of legacy resources shall be
> considered during a review to assess overall compliance.
> In considering compliance with policies which allow a timeframe (such as a
> requirement to assign some number of prefixes within 5 years), failure to
> comply cannot be measured until after the timeframe specified in the
> applicable policy has elapsed. Blocks subject to such a policy shall be
> assumed in compliance with that policy until such time as the specified time
> since issuance has elapsed.
> please also make me understand the RIPE NCC version as per the link below.
> 1. Introduction
> At the 1996 Contributors Committee Meeting the RIPE NCC was asked to
> significantly increase its efforts to ensure the validity of registry data.
> Audit has been a specific activity of the RIPE NCC since that time.
> 2. Goals
> Audit activity is done to ensure fair and neutral application of policies
> set by the RIPE community, to the general benefit of the Internet.
> Auditing can also provide the RIPE community with information about specific
> policy areas where problems are occurring, helping to ensure the efficient
> investment of resources in appropriate areas. This can include policy areas
> that need revision by the RIPE community, or areas where the RIPE NCC can
> improve compliance through better education and communication with the
> membership.
> 3. Principles
> Audit evaluation is based on compliance with the RIPE community policies
> current at the time of the audit. Audits are conducted with the intent to
> educate RIPE NCC members on how to achieve compliance.
> Members that are already working in compliance with the RIPE community
> policies will have as little disturbance to their operations as possible.
> Impartiality and confidentiality are given the highest priority throughout
> the audit process.
> 4. Types
> Random:
> The member to be audited is chosen by the RIPE NCC at random.
> Selected:
> A member is selected because of an internal report or due to a lack of
> contact between the RIPE NCC and the member.
> Reported:
> The member has requested the audit themselves or there has been a community
> complaint made against them that requires investigation.
> 5. Process
> The RIPE NCC informs the member that they are in audit and then provides
> individual assistance in checking LIR data, resource records and validity of
> RIPE Database records.
> 6. Compliance Measures
> All measures used to ensure compliance with RIPE community policies are
> based on current policies and on the service agreements signed with RIPE NCC
> members.
> The RIPE NCC will provide audit subjects with individual assistance and
> education, and will make every effort to help members comply with the
> policies. If the member is found to be unable to comply with the RIPE
> community policies, further measures may be necessary. This may include, but
> is not restricted to, a review of the audited organisation's membership
> status.
> 7. Appeals
> Audits are carried out in a completely neutral and transparent manner.
> However, if at any time a RIPE NCC member feels it is appropriate, they may
> appeal any decision of the auditing team. An appeal is made by applying for
> arbitration, as described in the RIPE NCC arbitration process:
> Cheers,
> Noah
> On Wed, Jul 12, 2017 at 1:04 PM, David Hilario
> <d.hilario at> wrote:
>> Hi Noah,
>> Just to make it clear in regards to the repeated comments trying to
>> justify this proposal by saying that RIPE NCC or ARIN are having a
>> similar policy and practice.
>> The video and the section where both ARIN and RIPE NCC are speaking:
>> At around 08:27:50 Andrea Cima from RIPE NCC
>> He goes on to explain that their reviews are called "ARC", and it is
>> to keep in touch and keep data up to data, registry data, that is the
>> contact details and so on.
>> Investigation, that is part of the "fraud".
>> 08:29:50 Leslie from ARIN.
>> Explains the scope of their policy, they only Audit in Fraud cases
>> only deregister in case of fraud.
>> Neither the RIPE NCC or ARIN does a re-evaluation of the resources and
>> questioning how the LIRs are currently using their resources.
>> So, this was debunked at an AFRINIC meeting, I don't understand how it
>> is still being spread like this.
>> It is being ignored or forgotten by the people here on this list, but
>> already stated publicly by RIRs registration services managers
>> directly that it isn't within the scope of what they do.
>> If you want to say AFRINIC can do it like RIPE NCC, simply copy the
>> ARC procedure:
>> Non-intrusive review of LIRs information and contacts, no
>> re-evaluation of their ressources, no discrimination and categories,
>> ALL LIRs.
>> No one can really have any objections to that review system, other
>> than the staff costs for it, but if done as a side project it should
>> not be a problem to review 1500+ LIRs within a 2 to 3 years time.
>> David Hilario
>> IP Manager
>> Larus Cloud Service Limited
>> p: +852 29888918  m: +359 89 764 1784
>> f: +852 29888068
>> a: Flat B5, 11/F, TML Tower, No.3 Hoi Shing Road, Tsuen Wan, HKSAR
>> w:
>> e: d.hilario at
>> On 12 July 2017 at 11:30, Noah <noah at> wrote:
>> >
>> >
>> > On 12 Jul 2017 9:47 a.m., "Bill Woodcock" <woody at> wrote:
>> >
>> >
>> > 18 Against:
>> > "chenghn at" <chenghn at>
>> > Andrew Alston <Andrew.Alston at>
>> > Bastein Li <bastienlee at>
>> > Christopher Mwangi <christopher.mwangi at>
>> > David Hilario <d.hilario at>
>> > Derrick Harrison <derrick.harrison at>
>> > Douglas Onyango <ondouglas at>
>> > Kris Seeburn <seeburn.k at>
>> > Lu Heng < at>
>> > Mark Elkins <mje at>
>> > Mark Tinka <mark.tinka at>
>> > McTim <dogwallah at>
>> > Mike Silber <silber.mike at>
>> > Nishal Goburdhan <nishal at>
>> > Noah <noah at>
>> > S Moonesamy <sm+afrinic at>
>> > Saul Stein <saul at>
>> >
>> >
>> > Hi Bill
>> >
>> > on the contrary, I actually support the policy just like other folks
>> > which
>> > is why it reached the last call. This policy would enable AFRINIC just
>> > like
>> > ARIN,  RIPE NCC and other RIR to effect compliance.
>> >
>> >
>> >
>> > So, the next question might be whether this is a winner-take-all vote,
>> > or an
>> > assessment of whether a clear consensus exists.
>> >
>> >
>> > We continue to trust the co-chairs who have guided us to this stage.
>> >
>> > Cheers
>> > Noah
>> >
>> > _______________________________________________
>> > RPD mailing list
>> > RPD at
>> >
>> >
> --
> ./noah

More information about the RPD mailing list