Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Questions for Alain...

Lee Howard lee.howard at
Wed Jun 6 16:09:09 UTC 2018

On 06/06/2018 12:04 AM, Chevalier du Borg wrote:
> Le mar. 5 juin 2018 à 18:11, Mike Burns <mike at 
> <mailto:mike at>> a écrit :
>     “There’s nothing wrong with being a broker” – Owen
>     Thanks for that, Owen. 😉
>     More to the point, there is nothing wrong with a broker authoring
>     policy.
>     I agree that it’s better to be open about being a broker when
>     authoring policy.
> Generally speaking in other part of world "There is nothing bad with 
> being a broker".
> However for Africa, there is EVERYTHING bad with being a broker.
> A broker take away IPs from a continent that does not even have enough 
> to sell them for massive personal gain. That is exploitation of this 
> continent the way the colonialist do before and some still continue to 
> do with other natural resource.

I thought Afrinic policy didn't allow that? Section 5.7 of

> Brokers are TOXIC to the trust in this community. Brokers are not very 
> different from the Arms Dealers sell weapons on the many wars on both 
> side we have experience (we will get out profit, irrespective of the 
> cost to Africa).  They general have no other interest in the 
> development of this continent.

I agree that there's some danger of "colonial" exploitation.

I think it is possible to mitigate this risk, if we choose to. See far 

> This community is generally AGAINST idea of African IP being used 
> outside Africa for purpose that does not benefit Africa. Brokers may 
> want that. We do not

In the case at hand, the proposal was to (further) limit the amount of 
IPv4 address space an organization could receive from Afrinic. Is there 
a connection to driving Afrinic-issued IPv4 addresses out of Africa?

It seems more likely to me that if Soft Landing-bis were to be adopted, 
that a few large ISPs (and maybe content or cloud providers) would find 
that they must bring addresses *into* Africa, in order to continue 
serving the great many users who only have IPv4. However, this is also 
not allowed by policy.

Story time.
Short version: I went from being the strongest opponent of a market to 
being a general supporter.
Long version: settle in with a cup of tea, this may take a while.

Some years ago, I was on the ARIN Board, at a time when the transfer 
market was proposed. I was adamantly opposed to it. I was offended by 
the idea that people who got a public resource for free should be able 
to exploit it for money. The Internet is a collaborative network, where 
we have to work together for it to work at all; therefore, I reasoned, 
if you had more addresses than you needed, you should return them to the 
RIR. Some people did, and bathed in the warm glow of righteousness.

Further, I thought, the RIR has the right to reclaim unused addresses. 
Other people thought differently, and while I thought the RIR system had 
the weight of rightness on its side, I could see how being right isn't 
necessarily enough: one has to be able to enforce that rightness without 
crippling oneself.

After years of debate, I grudgingly had to agree that it is much more 
efficient to enable a process which allows local actors to provide 
motivation for more efficient utilization. That is: the people who run 
the networks (or don't run networks anymore but still have addresses 
assigned) need some motivation to do the work to let go of their 
addresses. People who need addresses can provide that motivation. My 
objections to the creation of a market mostly boiled down to, "It's 

I was very worried about a speculator cornering the market. My math said 
that US$500 million would effectively siphon off the supply that we 
would see a disruption in the Internet, as networks needing addresses 
had to raise prices (or lose stock value) to buy addresses. So, like 
Afrinic, the ARIN policy required the recipient to demonstrate that they 
needed the IPv4 addresses.

A year or two later, I was faced with the prospect of deploying CGN 
(NAT444). Many respected colleagues told me "NAT is Evil!" I knew that 
not all cable modems and CPE supported IPv6 yet. So I needed to know 
what broke, and I did some lab testing. I asked myself the question, "If 
NAT is evil, and the address market is evil, and I have to choose 
between them while I deploy IPv6, which one is more evil?" Yes, I wanted 
to choose the lesser of two evils.

How do you quantify evil?

So I built a spreadsheet and wrote a paper describing how to calculate 
the cost of CGN, the "TCO of CGN." My reasoning was that if CGN broke X 
and Y, then some percentage of those customers would cancel, and some 
would call tech support, and both of those things cost money. Make 
guesses as to how many and what the cost is, and you know how evil CGN is.

You know what? It turned out that CGN was more expensive (with the set 
of assumptions I used, which may not apply to your network) than buying 
IPv4 addresses. Of course, there comes a price point where IPv4 costs 
more than the lost revenue and support calls, and I think we're nearing 
that point in places where the IPv4 market exists (next 1-3 years).

Because of that, it seems to me that there is a natural back-pressure on 
the market, too. At some price point, it is more cost effective to use 
IPv6 (with some transition mechanism) than to buy IPv4 addresses. Is 
that a controversial opinion?

Let's say you deploy IPv6, plus some transition mechanism, to 1,000 
users. How many of them have something that breaks? How many of those 
call tech support, costing you money, and how many of the cancel their 
service, losing you money, and how much money?  If so many users cancel 
that you lose $15,000, that's still better than spending $20,000 on IPv4 

All the transfer market does is allow you to decide that it's going to 
take you two years to deploy IPv6, and you need enough IPv4 addresses to 
last you two years.

Returning to your point about addresses being sucked out of Africa, 
which I think is critical to discuss. . .
Would it be possible to pass a transfer policy that only allowed 
addresses to come *into* Africa, and not go out?
ARIN's transfer policy ( 
requires that for addresses to be transferred to another RIR, that RIR 
have "reciprocal, compatible, needs-based policies."
As long as Afrinic requires a demonstration of need (as the current 
policy does), the policy is compatible and needs-based. Is it 
reciprocal? Probably not, at least in the way I think ARIN means it 
(that addresses can trade both ways). Would it be possible to create 
some reciprocity without being a net drain on African resources?

I don't know.
Afrinic could limit outbound transfers to less than inbound transfers. 
"I'm sorry, we're at a slight trade deficit right now: your /16 cannot 
be transferred to that U.S. company until another /18 has been 
transferred into Africa."
Afrinic could limit the size of transfers allowed out of region. Most 
demand externally is for very large blocks. Maybe allow any size 
transfer within the region, but nothing larger than /19 outbound.

There are other possibilities, I'm sure.
If we want to allow more local networks to motivate each other to be 
more efficient with IPv4 utilization, but we have some major concerns, 
then we should discuss how we might deal with those concerns.

Your ardent IPv6 evangelist,


This is only my opinion and my story, of course.

> -- 
> Borg le Chevalier
> ___________________________________
> "Common sense is what tells us the world is flat"
> _______________________________________________
> RPD mailing list
> RPD at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list