Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Tue Jun 8 08:32:13 UTC 2021


Hi Paschal,



Sorry, maybe I missed your point in the discussion, not easy to follow tons of comments at the same time!



Let’s depict this:


AFRINIC is empowered to reclaim resources when the members don’t pay, don’t follow the RSA, etc. I’m sure everybody agrees with that.
Even if we don’t have this policy, AFRINIC has already internal procedures in place for that reclamation.
When this policy is implemented, AFRINIC has still the same rights and duties to reclaim the resources, nothing changes.
However, in the v2 discussion, it was stated that it should be clearer. This is why we added that text. Internally doesn’t change anything in how AFRINIC will act, however, it makes an explicit declaration that they only can do that (in regards to the AS0), at the end of the reclamation process.


Yes, some may say that this sentence is not needed, and I will agree, but then we can have *again* the same discussion as in v2. So having that doesn’t change the *actual action from AFRINIC* but ensures that everybody understands it: so, makes it crystal clear.



So, NO, the policy is not attribuing *anything different or new* to AFRINIC, just making it transparent (“only at the end of the reclamation process”).



If you believe that it can be improved in terms of *editorial changes* (alternative wording, not changing the meaning), chairs could accept that as part of the last call, but only if it is clear that it is a rewording to make it clearer not a meaning change.



Please, let me know if this address your comment or if I’m missing your point.



Regards,

Jordi

@jordipalet







El 8/6/21 10:03, "Paschal Ochang" <pascosoft at gmail.com> escribió:



Well said Jordi.



They may be people who do not manage networks but have reasonable contributions to improve or develop some of the discussions. At least we have witnessed that some of the policies have been fine tuned by some of these inputs.



My issue with this proposal is the reclamation statement which I reiterated in the chat in the meeting that it looks too ambiguous. When it comes to reclamation there are grey and contentious areas that I think should not be attributed with this policy.

On Tuesday, June 8, 2021, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:

Hi Saul,



While I understand your point, I think that we need to agree that sometimes, non-operators, also provide points of view that help to improve policies. Also, there may be policies where the discussion will not be well balanced if only operators participate, because are not so closely related to operation, and instead to how to distribute resources that belong to the overall community.



I will prefer non-anonymous postings, but I also understand that some people may not be able to speak freely if they show their real names or work email (they may be even fired if their personal view point is against the corporate policy, etc.). It’s all about a good balance.



What definitively is not good is if you are speaking up on behalf of others, which has been clear in several discussions and policy presentations for the last couple of years or so.



The issue is how much difficulty is added into the chairs to distinguish if an argument pro or against a proposal is valid or not, which means that they may need to verify, in some cases, a technical question that is not within their competences to ensure if there is lack of knowledge or mistaken interpretations from any parties in the discussion.



However, I’m sure chairs have other folks, work colleagues, staff, or experts not involved in the discussion that can help them.



I think that was part of the difficulty with previous chairs. I’m sure they tried their best, but they did some mistakes by accepting objections which are clearly technical wrong and not hearing other worldwide recognized community experts that clarified it.



I think it is up to chairs to say, if they think so, “do not reapeat this arguments” as we have already decided about being invalid, and clarify what is expected in the last call, so to avoid wasting time, as I’ve suggested a couple of days ago.



Regards,

Jordi

@jordipalet







El 8/6/21 9:27, "Saul Stein" <saul at enetworks.co.za> escribió:



Hi



I say this as an AFRINIC member who is affected by the policies that are either implemented or NOT implemented.



While I agree with the community, bottom up approach, I am starting to have an issue where the term “community” is a little stretched. By that, I mean people who are in or out of the region, with apparent little to no understanding of networks anonymously (gmail, representing themselves without us knowing what networks they run and or manage) holding the discussion and policy to ransom.



I have on issues with people who represent and run networks from anywhere willing to assist in the betterment of our policies.



As someone once said, with freedom, comes responsibility.



Just my 2c worth





From: JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
Sent: Tuesday, 08 June 2021 08:38
To: rpd at afrinic.net
Subject: Re: [rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.



(semi-irony mode on)



Wow, so much difficult problem statement! Some possible responses:



1) Because some people don’t operate networks, or don’t do it properly?

2) Because some people aren’t interested in understanding it or not interested in measures to protect resources, because that will make easy to avoid their improper business models (or even maybe bad activities)?

3) Because some people are speaking on behalf others?



And all this explains inmature and unreaseanable objections not just to this policy proposal, but to any proposal that try to facilitate the accuracy of the RIRs and simplify the job of good faith operators in a standard way.



Policies aren’t meant to protect business, specially those against the overall community interest. If you’re doing something wrong or in the limit of what is acceptable, you don’t have interest in certain policies.



Regards,

Jordi

@jordipalet







El 8/6/21 8:24, "Mark Elkins" <mje at posix.co.za> escribió:



Well said Frank!

I still don't understand why some people don't see this.

On 6/8/21 8:01 AM, Frank Habicht wrote:
Hi

On 08/06/2021 01:45, Daniel Yakmut via RPD wrote:
Hi,

Are you postulating here that Resources not allocated are susceptible to
hijack?
- resources are susceptible to hijack.
- if a ROA with AS0 was published for an unallocated resource, it would
be less susceptible to hijack.


My other understanding is an RIR is a resource dispenser.
When I get my next resource from AfriNIC, I will prefer one that was not
previously hijacked and used for spamming and network abuse, and got
blacklisted and a bad reputation everywhere.

What about you?


Thanks,
Frank


Simply
Daniel

On Mon, Jun 7, 2021, 11:30 PM Fernando Frediani <fhfrediani at gmail.com
<mailto:fhfrediani at gmail.com>> wrote:

AfriNic (or any other RIR) is the resource holder for IP space that
IANA has allocated to it. So who else could secure that space until
it is assigned to an organization issuing ROAs if not the current
resource holder ?

Must we have a policy accepted by either RIPE or ARIN first in order
to accept it in AfriNic afterwards ?
This is not a worry to the RIR, it is actually an additional
guarantee that no one else will try to make usage of IP space under
its responsability.

Fernando

On 07/06/2021 19:14, Daniel Yakmut via RPD wrote:
Dear Jordi,

Just out of curiosity why has RIPE and ARIN refused to adopt the
RPKI ROA and make it their responsibility that it is used by
resource holder?. I will agree that RPKI ROA is a good tool to
secure BGP routing, however I don't see as the responsibility of
an RIR to implement it.

My strong opinion is that any resource holder should be
responsible for securing its resources and if RPKI ROA is the best
way to prevent hijack, then it will enjoy patronage. Making it a
job of AfriNIC, will possibly be going over board.

Responding to my opening question, I believe RIPE and ARIN are not
keen on accepting your arguments because they are mundane. This
means resource holders should handle this issue, without making it
a worry of the RIR.

In this regard, AfriNIC should concentrate on handling other more
important issues, hence this policy is not relevant.


Simply

Daniel

On 07/06/2021 6:3pm, JORDI PALET MARTINEZ via RPD wrote:
Ni Mimi,____

__ __

No, is not ideological, the legal counsel already confirmed the
being bookkeepers has many other **related** implications, such
as provide a trustable source of accurate data, and this is what
RPKI and AS0 improve.____

__ __

The fact that in RIPE has not been accepted yet is just one more
excuse, if you compare it with the fact that the other TWO RIRs
where it has been submitted (APNIC and LACNIC) accepted it and in
none of those regions there have been any of the excuses and lack
of knowledge about RPKI that we are hearing here. As I’ve
explained already, I don’t think the RIPE chairs decision was
correct, and we will make sure to resubmit the proposal there
once a consistent appeal process is available, in case chairs
take again a wrong decision. Also, then the experience in APNIC,
LACNIC and AFRINIC will show that those motivations are
ridiculous.____

__ __

From time to time is good that ARIN and RIPE aren’t the leaders,
you don’t think so? It shows that very smart people exist in
other regions as well!____

__ __

Once more, sometimes policies in one or the other region fail to
reach consensus, but it happens sooner or later.____

__ __

If you have a simple and trustable tool such as RPKI to drop
invalids, you have a better way (if you want) to avoid bad actors
to use prefixes that don’t belong to them as they are still on
the hands of AFRINIC. This is just facts. Not ideological, not
opinions or personal view points. So yes, AS0 avoids, if you
operate your network in a consistent way, to be faked with
prefixes not allocated/assigned by AFRINIC, and thus helps to
prevent hijacking.____

__ __

Regards,____

Jordi____

@jordipalet____

__ __

__ __

__ __

El 7/6/21 18:47, "Mimi dy" <dym5328 at gmail.com
<mailto:dym5328 at gmail.com>> escribió:____

__ __

Dear WG,____

____

I think the issue here is ideological. Many people believe that
RIRs are mere bookkeepers, and it is not in their mandate to
inject data into the routing database. That is the reason why
RIPE did not approve a similar proposal, which I totally agree
with. Moreover, I wanted to react to Jordi’s statement, saying
that these objections are based on practical and technical
matters. There is not only one routing database, there are many,
isn’t it kind of messy? And that is not even the main reason why
I object to this policy. ____

From another perspective, since people can adjust and control
their routers, can you precise how this policy can potentially
prevent/ reduce hijacking?____

____

Best.____

_______________________________________________ RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
<https://lists.afrinic.net/mailman/listinfo/rpd> ____


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com <http://www.theipv6company.com>
The IPv6 Company

This electronic message contains information which may be
privileged or confidential. The information is intended to be for
the exclusive use of the individual(s) named above and further
non-explicilty authorized disclosure, copying, distribution or
use of the contents of this information, even if partially,
including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended
recipient be aware that any disclosure, copying, distribution or
use of the contents of this information, even if partially,
including attached files, is strictly prohibited, will be
considered a criminal offense, so you must reply to the original
sender to inform about this communication and delete it.


_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>
_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
<https://lists.afrinic.net/mailman/listinfo/rpd>


_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd

_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd
--

Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.



--
Kind regards,

Paschal.



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/035e8698/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6413 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/035e8698/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13475 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20210608/035e8698/attachment-0001.png>


More information about the RPD mailing list