Search RPD Archives
[rpd] New Policy Proposal Received - "Provisions for Resource Hijacking (AFPUB-2019-GEN-001-DRAFT01)"
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Sun May 26 21:40:34 UTC 2019
Hi Owen,
Let’s state this again. The proposal doesn’t intent to say the operators how to operate their routers.
The proposal simply states that if an AFRINIC member is granted with uniqueness, as you stated below, other members can’t jump over that.
The resources are for exclusive use of the members that got them allocated, under the prescriptions of our rules (the policies). If I’m AFRINIC member, I can’t use other members resources (unless explicitly authorized to by the resource holder).
This is a very basic rule of ANY membership organization: Respect the other members and whatever products/rights/services are provided to them. Members not respecting other members at a minimum should be warned about that, and if they persist, there must be consequences.
The decision to use a RIR or another is not voluntary, is the only possible way. You must use the registry of your region (small differences here among regions that require or not using the resources in that region).
Even if only a few hijacking is done by RIR members, and we can avoid that, the result will be good enough.
Regards,
Jordi
El 26/5/19 17:59, "Owen DeLong" <owen at delong.com> escribió:
As I’ve stated in the other regions where the same authors have floated this, there are a number of fundamental errors in the understanding of the role of the RIR system underlying this proposal.
It is apparently a common misconception that RIRs have some authority to grant “rights to use” number resources. That’s an easy mistake to make because the distinction is subtle, but in this context it becomes important.
The registry system grants registration for uniqueness. Any right to use is granted not by the registry system, but by those who initiate, accept, and reannounce prefixes in routers. Thus, it is ISPs who control the right to use and not the registry.
Fortunately, and to the tremendous benefit of all, the vast majority of ISPs choose to use the data in the RIR registry system as authoritative and base their grants of rights on it. This allows for a much more functional internet than if they each used competing and overlapping registry systems. However, the decision to use the RIR registry system is entirely voluntary on the part of each network operator.
The vast majority of resource hijacking in the wild is not committed by RIR members. There seems to be some exception to this in the RIPE region. As such, this policy proposal is unlikely to impact the perpetrators and far more likely to harm the victims it purports to protect.
I have tremendous respect for the authors and no doubt whatsoever that they mean well. However, the misconceptions underlying this policy prevent it from having any useful outcome. I would rate it risky, but possibly mostly harmless at best.
Therefore, I do not support the proposal.
Owen
On May 26, 2019, at 07:48, haruna adoga <hartek66 at gmail.com> wrote:
I must start by saying the authors of this proposal have done a great job, considering the negative effect of resource (IPv4, IPv6, ASN) hijacking to our region.
I do believe that since operational errors such as mistakes in BGP configurations can lead to what might be perceived as a resource hijacking activity (policy violation), it is ideal that this proposal gives the suspected resource hijacker a reasonable amount of time to explain their actions.
The duration can be deliberated by the policy authors and other members. The suspected hijacker should be given a maximum of 6 weeks rather that 4 weeks to object any conclusions, as proposed by the authors.
This will further clarify if the activity is an act of persistent intentional hijack or an operational error.
_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd
_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20190526/9e1fcf9f/attachment-0001.html>
More information about the RPD
mailing list