[rpd] [Community-Discuss] Unaddressed queries by AFRINIC during AGMM

[Owen DeLong]

Full disclosure: I don’t personally have a dog in this fight. I am personally
agnostic as to whether leasing should or should not be permitted in a
newly developed policy.

I do have a client that I consult for which is in the leasing business. It is my
opinion that their leasing business is 100% compliant with policy as it is
written and that if the community doesn’t like that fact, the community can
and should certainly amend the policy to rectify the situation.


> On Jun 29, 2021, at 03:08 , Frank Habicht <geier at geier.ne.tz> wrote:

> 

> Hi,

> 

> On 29/06/2021 12:01, Owen DeLong via RPD wrote:

>> 

>> nectivity customers or use out of the region as something "normal and

>> acceptable".

>> 

>> Regardless of who does and does not benefit, the reality is that short

>> of an actual government with the ability to enforce its rules using

>> guns and prisons, people who can make a profit are going to do what

>> they are going to do.

> 

> I need to break this down.

> I'm working in my $dayjob for one of those companies that are after

> $profit. What this company _did_ is subscribe to the methods and rules

> of a Mauritius company called AfriNIC, in order to get Internet

> Numbering Resources. And I think many of the AfriNIC members formally

> subscribed to these rules. (And the rules are subject to change

> according to PDP)

> 

> These INR are provided to members per need and justification. Relatively

> recently additional rules came into force that limited each allocation

> to maximum /22 - this is how rules can change.

> 

> INR are delegated to members that need them themselves, and AfriNIC

> calls these members "End-User" members. They are also delegated to

> members that provide internet access to respective customers, and

> AfriNIC calls these members "LIR" members.


You are close, but the term used in the bylaws is “open system protocol
network services”. I am not sure why such awkward and broad language
was chosen, but that’s a much broader definition than “internet access”.

In the CPM, LIR is defined as “An IR that receives allocations from an RIR and primarily
assigns address space to 'end-users’. LIRs are generally ISPs. Their customers are other
ISPs and possibly end-users. LIRs must be members of AFRINIC.”

Again, there’s not a single word in that definition that ties it to connectivity
services or internet access.


> I believe in all justifications for IPv4, LIR members request/require

> the addresses to address customers, or servers, or VMs that get

> connectivity services from the LIR member. And there is no problem with

> that. LIR is in the business of making profit, providing connectivity,

> hosting servers, services, needs IPs, gets IPs.


Certainly this is the prevalent model, whether or not it is 100% pervasive
I am not sure.


> There is a big difference to the case where an LIR member

> - has IPv4 address space,

> - is not using it themselves,

> - not for connectivity (or hosting) customers

> and has the IPv4 space used by "customers" that are only getting the

> IPv4 space as a service - sold or leased.


Is there? So long as the customers in question are justifying the space to the
same standards that an end-user applying to the RIR would have to or to the
same standard that would be required if they were also getting connectivity
from the LIR, then what exactly is the difference?

What if the LIR in question did announce the covering aggregates of space
they leased and provided some minimal connectivity to the customer in question?
Now they meet the definition you’ve provided above, but they’re not actually
moving packets because the more-specific being announced to the customer’s
higher bandwidth providers will win vs. the aggregate.

Does removing this connectivity fig leaf really change the nature of the
assignment in a meaningful way?


> Is that the purpose for which the IPv4 space was obtained and justified?


Since I don’t have access to anyone’s IPv4 justifications to AFRINIC in a
manner which would allow me to comment publicly, I’m going to skip this
question. Suffice it to say, I can imagine a number of ways in which this
is possible.


> There are "rules" that say an LIR should notify when use of an IP block

> changes.


Yes. The rules are, however, ambiguous at best and it’s not clear at what
level of detail a “change” is constituted nor is it clear whether an update
to whois is adequate notification in most circumstances.


> I see a big difference between changes *within an LIR* and changes to

> *use the IP space outside the AfriNIC member LIR*.


So if I have space that was allocated to my LIR and I assigned it to
customer A who is using the space in their network (technically outside
of my LIR), but then they return the space when they get their own
block and become a BYOA customer, my assigning that space to customer
B for their use on their network (also outside my LIR) becomes a problem
or change in the usage exactly why?


> With the first, I consider it generally accepted that justification remains.

> With the latter, I believe that the *LIR that subscribed to AfriNIC

> rules* has shown to no longer have the justification for these IPs for

> connectivity and hosting, including "PA" customers.


What if the justification in question was not “connectivity and hosting”?

What if the justification was “Numbering hosts on customer networks”?


> The reason for doing the latter is obviously $profit, and yes - some "

> are going to do what they are going to do ".


The reason for the former was obviously profit, too. Nobody is in business
to subsidize the benefits of others without making a profit.


> And what this community allows them to get away with.


It’s not so much a question of “get away with” as “what the rules actually
say” from my perspective. You may wish to argue that the intent or even
the clear intent of the community is something else, but in reality, for rules to be
useful, one must consider what the rules actually say, and not the current
popular interpretation of intent around the rules.

Making it up as we go along has become somewhat of an AFRINIC tradition
at this point, seemingly both in the staff actions and in the board, PDWG,
community, and various committees.

There’s also a pretty strong history of doing so being the source of a great
many problems, so I continue to hope that we can learn from those mistakes
and start actually following the rules as they are written and making the
changes necessary through the proper processes when the rules do not
meet the perceived needs of the current situation.


> To be Frank: I simply don't believe that

> AS212552    "BitCommand" in Armenia gets IP connectivity services from

> ... you know who.


Honestly, I don’t know who, but it’s easy enough to look up:

https://bgp.he.net/AS212552#_irr

Says that they get apparent transit from AS64515 and AS24940.

This seems to be borne out by https://bgp.he.net/AS212552#_graph4


> In other continents / RIRs the IPv4 space is finished. Noone has any

> hope of justifying any with the RIR. Some have more than they need -

> give or sell it to others that have "a need" and the market can probably

> regulate that.


ARIN is still issuing /24s under NRPM section 4.10, so that’s not entirely
correct.


> But AfriNIC still has and is distributing IPv4 - should it do so by

> "whoever pays most" or "everyone according to their need [upto a /22

> ;-)]". Has it given IPv4 resources to members according to their

> respective (perceived) needs???

> 

> Wasn't one of the rules that the LIR was to use the IPs for the

> connectivity (or hosting) services? 


I’ve reviewed the bylaws, the RSA, and the CPM pretty carefully. I couldn’t
find a connectivity requirement other than one that calls for the numbers
to be “routed on the internet” (which, btw, is a unique requirement in
AFRINIC not present in other RIRs).


> Are the rules still applicable?


The rules still apply as written, but that’s the real sticking point. Do we
want to focus on the common perception of what we think the rules
say (as you have done above) or do we want to review the rules as
they are written and call for the enforcement of those rules according
to a plain text interpretation of their actual content?


> bit more below...

> 

>> I’m not particularly happy about this reality, but I do recognize that

>> it is, in fact, reality and I’m not in favor of giving RIRs guns or

>> the ability to incarcerate people. Contracts only get you so far and

>> clever people can always find ways to comply with the letter of a

>> contract while circumventing the other party's intent if they want to

>> try hard enough.

>> 

>> So no, these are not “nice words”, they are the recognition of

>> unpleasant and inconvenient truths that like it or not, we are faced

>> with new realities, economic, technical, and legal.

> 

> Is one of these realities that an LIR got resources from AfriNIC for

> providing connectivity (or hosting) services, and now these are no

> longer in place?


I have no knowledge of such a situation, but in truth I have not read
the original justification for the space issued to the LIR I think you
are referring to.


>> In many countries legal frameworks the lack of a transfer policy

>> allowing registrants to monetize the transfer of their registrations

>> could be considered either restraint of trade or an

>> anti-trust/anti-competitive matter.

> 

> the fact is that these numbers should be unique and centrally managed.

> These anti-trust lawyers can send a better proposal for managing them.


The ability to sell one’s registration to another does not in any way impinge
the central management of numbers for uniqueness.


> The question is whether "according to need" or "according to whoever

> offers more $$".


This assumes that monetized transfers and/or leasing cannot be done
on the basis of need, which is a false premise. To the best of my knowledge,
Larus is quite scrupulous and detailed in collecting need justification from
customers prior to issuing addresses to them. That is certainly the written
company policy and has been the case with each and every recipient
case I have been involved with in my consulting for them.


> Should I be allowed to "buy" a /16 from AfriNIC, put it in a safe, sell

> it 3 years later for $profit ???


No. The rules prohibit you putting it in a safe and not routing it. Also, you
aren’t buying the /16, you are paying a fee for the service of recording and
maintaining the registration of the space. You can’t sell the integers, but
selling the registration of the integers has become common practice
worldwide whether you like it or not.


> Is that the purpose for which AfriNIC got the /8's from IANA?


Things have changed since the IANA was issuing /8s. The world has changed.
Many of the /8s were issued by the IANA in order to support Email, FTP, and
NNTP. I suspect there are very few servers running FTP or NNTP these days,
and while EMAIL is still a pervasive technology (for better or worse), it is not
a significant fraction of internet traffic.

Very few of the /8s issued by IANA were issued during a time when streaming
video could have been considered as a purpose for issuing them, yet today
it is probably the largest consumer of bandwidth on the internet by far.

Should we require all of the RIRs that have issued space to Netflix after
IANA runout to reclaim and return that space to IANA and rejustify it because
streaming video was not the purpose for which it was issued?

I think not.


> PS: all or most questions are serious. answers will help.


All of the answers were serious as well. I’d expect nothing less from
someone of your stature in the community.

I hope the answers are helpful.

Owen