Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Questions about IP Allocation rate

ben.roberts at afrinic.net ben.roberts at afrinic.net
Tue Oct 14 11:02:09 UTC 2025 

Andrew,

 

DPI = Digital Public Infrastructure – in the context Noah is talking.

 

Not what you are thinking!

 

From: Andrew Alston <aa at alstonnetworks.net> 
Sent: 14 October 2025 13:56
To: Noah <noah at neo.co.tz>
Cc: Andrew Alston <aa at alstonnetworks.net>; Ben Roberts - AfriNIC <ben.roberts at afrinic.net>; Owen DeLong <owen at delong.com>; RPD <rpd at afrinic.net>
Subject: Re: [rpd] Questions about IP Allocation rate

 

Any government who is doing DPI needs to wake up and get a reality check.

 

Right now we are seeing a huge uptick in adoption of QUIC and TLS3 + ESNI - and once you deploy TLS3 with encrypted SNI deep packet inspection is as good as dead.

 

In a presentation at RIPE by Cisco - they also acknowledged that DPI was a dying game and with the levels of encryption and the use of encrypted SNI, essentially such systems are made entirely useless.

 

Andrew

 

 

On Tue, Oct 14, 2025 at 1:34 PM Noah <noah at neo.co.tz <mailto:noah at neo.co.tz> > wrote:

Andrew

 

 At the back of your response to Ben... I know of a government operator that hosts an on-net CF instance but luckly, they have their own INR and dont necessary use CF IPs since CF supports BYOIP..

 

BYOIP means a govnet needs to have its own cocktail of v4/v6/ASN 

 

And the statistics should be able to show us how many of our own Govt who are working on DPI can actually BYOIP?

 

Cheers,

./noah

 

 

On Tue, 14 Oct 2025, 1:02 pm Andrew Alston, <aa at alstonnetworks.net <mailto:aa at alstonnetworks.net> > wrote:

Not Necessarily Ben.

 

Reality is they could back end Government Networks with V6 and front the services with V4 which map to the V6 backend.

 

This would substantially reduce the amount of IPv4 space actually needed by the governments, and provide dual-stack from the start.  I have serious doubts that you will find governments in Africa requiring external access to more than 200+ unique services (which would represent a single /24 on the front end).

 

We also need to keep in mind that many government services are now hosted behind the likes of CloudFlare - specifically for DDoS prevention mechanisms - and I'm not sure that IPv4 allocations by government entities are necessarily a good indicator of digital migration, since these services are not hosted on IPv4 space allocated to those entities.  The same applies to services hosted in any of the major cloud providers.

 

Considering the front ending of these services by the DDoS filter providers and the like - the requirement for front end IPv4 per government in terms of services to the citizenship is actually relatively small (And certainly does not warrant reservations at the level they are at - which - as I pointed out in an earlier message seem to be far higher than what is actually called for in the CPM)

 

Thanks

 

Andrew

 

 

On Tue, Oct 14, 2025 at 12:55 PM <ben.roberts at afrinic.net <mailto:ben.roberts at afrinic.net> > wrote:

Owen,

Will that not exclude many of their their citizens from accessing digital services?

 

 

 

From: Owen DeLong <owen at delong.com <mailto:owen at delong.com> > 
Sent: 14 October 2025 11:44
To: Noah <noah at neo.co.tz <mailto:noah at neo.co.tz> >
Cc: Ben Roberts AfriNIC <ben.roberts at afrinic.net <mailto:ben.roberts at afrinic.net> >; Andrew Alston <aa at alstonnetworks.net <mailto:aa at alstonnetworks.net> >; RPD <rpd at afrinic.net <mailto:rpd at afrinic.net> >
Subject: Re: [rpd] Questions about IP Allocation rate

 

Or better yet, not reserving IPv4 could spur those governments to deploy their govnets on IPv6 from the beginning with a clean greenfield design leapfrogging past the legacy baggage inherent in any IPv4 based solution. 

 

Owen

 

 

On Oct 13, 2025, at 12:26, Noah <noah at neo.co.tz <mailto:noah at neo.co.tz> > wrote:



Ben 

 

There is critical structural challenge in the continents digital landscape and you more than anyone knows this very well that we also suffer from uneven maturity of Digital Public Infrastructure and Government Networks (GovNet), which directly impacts the equitable deployment of essential digital services across majority of countries across our continent.

 

Look we are talking about numbering infrastructure that would support services like e-government, digital IDs, and public/private data exchanges, while aligning with AFRINIC's exhaustion-phase policies.

 

We can not shy away from these reality or pretend that there is lack of foresight from actors at Afrinic and the community at large.

 

Its a known fact that many of our African governments lack operational GovNets and strategic reservations of IPv4 address space from AFRINIC could serve as a targeted incentive to bridge these gaps. 

 

 

 

Cheers,

./noah

 

 

On Mon, 13 Oct 2025, 8:34 pm Ben Roberts - AfriNIC, <ben.roberts at afrinic.net <mailto:ben.roberts at afrinic.net> > wrote:

I think The DPI systems are normally run by state owned digital agency entities which are already mostly LIRs having some space. It is not quite as you describe being state owned LIRs that have sovereign owned IPs that are independent of LIRs..

 

 

 

Sent from my iPhone

 

On 13 Oct 2025, at 20:01, Noah <noah at neo.co.tz <mailto:noah at neo.co.tz> > wrote:



54 African States are taking public services online.

 

Digital Public infrastructure (DPI) is nolonger an idea. Its a real thing. DPI is critical. The private sector will tap into that infrastructure. Its here now.

 

Each of the 54 African states need address space indepedent of LIR space in each sovereign state.

 

These are not ideas that actors in the private sector care about or think about. 

 

Cheers,

./noah

 

 

On Mon, 13 Oct 2025, 5:52 pm Andrew Alston, <aa at alstonnetworks.net <mailto:aa at alstonnetworks.net> > wrote:

Hi All,

 

I was wondering if there were updated statistics for the amount of space allocated in the last 3 years.  In addition to this information regarding exactly how much free space is still available in the IPv4 unallocated pool (excluding reservations)

 

I ask this because depending on the allocation rate - we may wish to consider revising the soft-landing policy that currently reserves a /12 worth of ipv4 space for "future uses, as yet unforeseen".

 

I point out that the soft landing policy was ratified in 2011, and if we still, after 14 years, have not been able to articulate a clear reason for such a large reservation, I think it's time we look at most, if not all, of that /12 back into the main unallocated pool that can be allocated for African resource holders that actually need it.

 

Amongst other reasons, sitting with unallocated, unannounced, reserved space like this leaves the space vulnerable to hijacking and malicious use or even potential theft.

 

Thanks

 

Andrew

 

 

_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net> 
https://lists.afrinic.net/mailman/listinfo/rpd

_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net> 
https://lists.afrinic.net/mailman/listinfo/rpd

_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net> 
https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20251014/5c7e2cba/attachment-0001.html>

More information about the RPD mailing list