Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Questions about IP Allocation rate

Andrew Alston aa at alstonnetworks.net
Tue Oct 14 10:55:51 UTC 2025 

Any government who is doing DPI needs to wake up and get a reality check.

Right now we are seeing a huge uptick in adoption of QUIC and TLS3 + ESNI -
and once you deploy TLS3 with encrypted SNI deep packet inspection is as
good as dead.

In a presentation at RIPE by Cisco - they also acknowledged that DPI was a
dying game and with the levels of encryption and the use of encrypted SNI,
essentially such systems are made entirely useless.

Andrew


On Tue, Oct 14, 2025 at 1:34 PM Noah <noah at neo.co.tz> wrote:

> Andrew
>
>  At the back of your response to Ben... I know of a government operator
> that hosts an on-net CF instance but luckly, they have their own INR and
> dont necessary use CF IPs since CF supports BYOIP..
>
> BYOIP means a govnet needs to have its own cocktail of v4/v6/ASN
>
> And the statistics should be able to show us how many of our own Govt who
> are working on DPI can actually BYOIP?
>
> Cheers,
> *.**/noah*
>
>
> On Tue, 14 Oct 2025, 1:02 pm Andrew Alston, <aa at alstonnetworks.net> wrote:
>
>> Not Necessarily Ben.
>>
>> Reality is they could back end Government Networks with V6 and front the
>> services with V4 which map to the V6 backend.
>>
>> This would substantially reduce the amount of IPv4 space actually needed
>> by the governments, and provide dual-stack from the start.  I have serious
>> doubts that you will find governments in Africa requiring external access
>> to more than 200+ unique services (which would represent a single /24 on
>> the front end).
>>
>> We also need to keep in mind that many government services are now hosted
>> behind the likes of CloudFlare - specifically for DDoS prevention
>> mechanisms - and I'm not sure that IPv4 allocations by government entities
>> are necessarily a good indicator of digital migration, since these services
>> are not hosted on IPv4 space allocated to those entities.  The same applies
>> to services hosted in any of the major cloud providers.
>>
>> Considering the front ending of these services by the DDoS filter
>> providers and the like - the requirement for front end IPv4 per government
>> in terms of services to the citizenship is actually relatively small (And
>> certainly does not warrant reservations at the level they are at - which -
>> as I pointed out in an earlier message seem to be far higher than what is
>> actually called for in the CPM)
>>
>> Thanks
>>
>> Andrew
>>
>>
>> On Tue, Oct 14, 2025 at 12:55 PM <ben.roberts at afrinic.net> wrote:
>>
>>> Owen,
>>>
>>> Will that not exclude many of their their citizens from accessing
>>> digital services?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* Owen DeLong <owen at delong.com>
>>> *Sent:* 14 October 2025 11:44
>>> *To:* Noah <noah at neo.co.tz>
>>> *Cc:* Ben Roberts AfriNIC <ben.roberts at afrinic.net>; Andrew Alston <
>>> aa at alstonnetworks.net>; RPD <rpd at afrinic.net>
>>> *Subject:* Re: [rpd] Questions about IP Allocation rate
>>>
>>>
>>>
>>> Or better yet, not reserving IPv4 could spur those governments to deploy
>>> their govnets on IPv6 from the beginning with a clean greenfield design
>>> leapfrogging past the legacy baggage inherent in any IPv4 based solution.
>>>
>>>
>>>
>>> Owen
>>>
>>>
>>>
>>>
>>>
>>> On Oct 13, 2025, at 12:26, Noah <noah at neo.co.tz> wrote:
>>>
>>> 
>>>
>>> Ben
>>>
>>>
>>>
>>> There is critical structural challenge in the continents digital
>>> landscape and you more than anyone knows this very well that we also suffer
>>> from uneven maturity of Digital Public Infrastructure and Government
>>> Networks (GovNet), which directly impacts the equitable deployment of
>>> essential digital services across majority of countries across our
>>> continent.
>>>
>>>
>>>
>>> Look we are talking about numbering infrastructure that would support
>>> services like e-government, digital IDs, and public/private data exchanges,
>>> while aligning with AFRINIC's exhaustion-phase policies.
>>>
>>>
>>>
>>> We can not shy away from these reality or pretend that there is lack of
>>> foresight from actors at Afrinic and the community at large.
>>>
>>>
>>>
>>> Its a known fact that many of our African governments lack operational
>>> GovNets and strategic reservations of IPv4 address space from AFRINIC could
>>> serve as a targeted incentive to bridge these gaps.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Cheers,
>>>
>>> *./noah*
>>>
>>>
>>>
>>>
>>>
>>> On Mon, 13 Oct 2025, 8:34 pm Ben Roberts - AfriNIC, <
>>> ben.roberts at afrinic.net> wrote:
>>>
>>> I think The DPI systems are normally run by state owned digital agency
>>> entities which are already mostly LIRs having some space. It is not quite
>>> as you describe being state owned LIRs that have sovereign owned IPs that
>>> are independent of LIRs..
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Sent from my iPhone
>>>
>>>
>>>
>>> On 13 Oct 2025, at 20:01, Noah <noah at neo.co.tz> wrote:
>>>
>>> 
>>>
>>> 54 African States are taking public services online.
>>>
>>>
>>>
>>> Digital Public infrastructure (DPI) is nolonger an idea. Its a real
>>> thing. DPI is critical. The private sector will tap into that
>>> infrastructure. Its here now.
>>>
>>>
>>>
>>> Each of the 54 African states need address space indepedent of LIR space
>>> in each sovereign state.
>>>
>>>
>>>
>>> These are not ideas that actors in the private sector care about or
>>> think about.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> *./noah*
>>>
>>>
>>>
>>>
>>>
>>> On Mon, 13 Oct 2025, 5:52 pm Andrew Alston, <aa at alstonnetworks.net>
>>> wrote:
>>>
>>> Hi All,
>>>
>>>
>>>
>>> I was wondering if there were updated statistics for the amount of space
>>> allocated in the last 3 years.  In addition to this information regarding
>>> exactly how much free space is still available in the IPv4 unallocated pool
>>> (excluding reservations)
>>>
>>>
>>>
>>> I ask this because depending on the allocation rate - we may wish to
>>> consider revising the soft-landing policy that currently reserves a /12
>>> worth of ipv4 space for "future uses, as yet unforeseen".
>>>
>>>
>>>
>>> I point out that the soft landing policy was ratified in 2011, and if we
>>> still, after 14 years, have not been able to articulate a clear reason for
>>> such a large reservation, I think it's time we look at most, if not all, of
>>> that /12 back into the main unallocated pool that can be allocated for
>>> African resource holders that actually need it.
>>>
>>>
>>>
>>> Amongst other reasons, sitting with unallocated, unannounced, reserved
>>> space like this leaves the space vulnerable to hijacking and malicious use
>>> or even potential theft.
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> Andrew
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>> _______________________________________________
>>> RPD mailing list
>>> RPD at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/rpd
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20251014/754dcfcc/attachment.html>

More information about the RPD mailing list