Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Questions about IP Allocation rate

Andrew Alston aa at alstonnetworks.net
Tue Oct 14 11:03:17 UTC 2025 

Aahhh my apologies :)

Sorry - I just happen to know that certain governments are attempting DPI
(Deep Packet Inspection) on links hence my misreading the acronym.

Andrew


On Tue, Oct 14, 2025 at 2:02 PM <ben.roberts at afrinic.net> wrote:

> Andrew,
>
>
>
> DPI = Digital Public Infrastructure – in the context Noah is talking.
>
>
>
> Not what you are thinking!
>
>
>
> *From:* Andrew Alston <aa at alstonnetworks.net>
> *Sent:* 14 October 2025 13:56
> *To:* Noah <noah at neo.co.tz>
> *Cc:* Andrew Alston <aa at alstonnetworks.net>; Ben Roberts - AfriNIC <
> ben.roberts at afrinic.net>; Owen DeLong <owen at delong.com>; RPD <
> rpd at afrinic.net>
> *Subject:* Re: [rpd] Questions about IP Allocation rate
>
>
>
> Any government who is doing DPI needs to wake up and get a reality check.
>
>
>
> Right now we are seeing a huge uptick in adoption of QUIC and TLS3 + ESNI
> - and once you deploy TLS3 with encrypted SNI deep packet inspection is as
> good as dead.
>
>
>
> In a presentation at RIPE by Cisco - they also acknowledged that DPI was a
> dying game and with the levels of encryption and the use of encrypted SNI,
> essentially such systems are made entirely useless.
>
>
>
> Andrew
>
>
>
>
>
> On Tue, Oct 14, 2025 at 1:34 PM Noah <noah at neo.co.tz> wrote:
>
> Andrew
>
>
>
>  At the back of your response to Ben... I know of a government operator
> that hosts an on-net CF instance but luckly, they have their own INR and
> dont necessary use CF IPs since CF supports BYOIP..
>
>
>
> BYOIP means a govnet needs to have its own cocktail of v4/v6/ASN
>
>
>
> And the statistics should be able to show us how many of our own Govt who
> are working on DPI can actually BYOIP?
>
>
>
> Cheers,
>
> *./noah*
>
>
>
>
>
> On Tue, 14 Oct 2025, 1:02 pm Andrew Alston, <aa at alstonnetworks.net> wrote:
>
> Not Necessarily Ben.
>
>
>
> Reality is they could back end Government Networks with V6 and front the
> services with V4 which map to the V6 backend.
>
>
>
> This would substantially reduce the amount of IPv4 space actually needed
> by the governments, and provide dual-stack from the start.  I have serious
> doubts that you will find governments in Africa requiring external access
> to more than 200+ unique services (which would represent a single /24 on
> the front end).
>
>
>
> We also need to keep in mind that many government services are now hosted
> behind the likes of CloudFlare - specifically for DDoS prevention
> mechanisms - and I'm not sure that IPv4 allocations by government entities
> are necessarily a good indicator of digital migration, since these services
> are not hosted on IPv4 space allocated to those entities.  The same applies
> to services hosted in any of the major cloud providers.
>
>
>
> Considering the front ending of these services by the DDoS filter
> providers and the like - the requirement for front end IPv4 per government
> in terms of services to the citizenship is actually relatively small (And
> certainly does not warrant reservations at the level they are at - which -
> as I pointed out in an earlier message seem to be far higher than what is
> actually called for in the CPM)
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
> On Tue, Oct 14, 2025 at 12:55 PM <ben.roberts at afrinic.net> wrote:
>
> Owen,
>
> Will that not exclude many of their their citizens from accessing digital
> services?
>
>
>
>
>
>
>
> *From:* Owen DeLong <owen at delong.com>
> *Sent:* 14 October 2025 11:44
> *To:* Noah <noah at neo.co.tz>
> *Cc:* Ben Roberts AfriNIC <ben.roberts at afrinic.net>; Andrew Alston <
> aa at alstonnetworks.net>; RPD <rpd at afrinic.net>
> *Subject:* Re: [rpd] Questions about IP Allocation rate
>
>
>
> Or better yet, not reserving IPv4 could spur those governments to deploy
> their govnets on IPv6 from the beginning with a clean greenfield design
> leapfrogging past the legacy baggage inherent in any IPv4 based solution.
>
>
>
> Owen
>
>
>
>
>
> On Oct 13, 2025, at 12:26, Noah <noah at neo.co.tz> wrote:
>
> 
>
> Ben
>
>
>
> There is critical structural challenge in the continents digital landscape
> and you more than anyone knows this very well that we also suffer from
> uneven maturity of Digital Public Infrastructure and Government Networks
> (GovNet), which directly impacts the equitable deployment of essential
> digital services across majority of countries across our continent.
>
>
>
> Look we are talking about numbering infrastructure that would support
> services like e-government, digital IDs, and public/private data exchanges,
> while aligning with AFRINIC's exhaustion-phase policies.
>
>
>
> We can not shy away from these reality or pretend that there is lack of
> foresight from actors at Afrinic and the community at large.
>
>
>
> Its a known fact that many of our African governments lack operational
> GovNets and strategic reservations of IPv4 address space from AFRINIC could
> serve as a targeted incentive to bridge these gaps.
>
>
>
>
>
>
>
> Cheers,
>
> *./noah*
>
>
>
>
>
> On Mon, 13 Oct 2025, 8:34 pm Ben Roberts - AfriNIC, <
> ben.roberts at afrinic.net> wrote:
>
> I think The DPI systems are normally run by state owned digital agency
> entities which are already mostly LIRs having some space. It is not quite
> as you describe being state owned LIRs that have sovereign owned IPs that
> are independent of LIRs..
>
>
>
>
>
>
>
> Sent from my iPhone
>
>
>
> On 13 Oct 2025, at 20:01, Noah <noah at neo.co.tz> wrote:
>
> 
>
> 54 African States are taking public services online.
>
>
>
> Digital Public infrastructure (DPI) is nolonger an idea. Its a real thing.
> DPI is critical. The private sector will tap into that infrastructure. Its
> here now.
>
>
>
> Each of the 54 African states need address space indepedent of LIR space
> in each sovereign state.
>
>
>
> These are not ideas that actors in the private sector care about or think
> about.
>
>
>
> Cheers,
>
> *./noah*
>
>
>
>
>
> On Mon, 13 Oct 2025, 5:52 pm Andrew Alston, <aa at alstonnetworks.net> wrote:
>
> Hi All,
>
>
>
> I was wondering if there were updated statistics for the amount of space
> allocated in the last 3 years.  In addition to this information regarding
> exactly how much free space is still available in the IPv4 unallocated pool
> (excluding reservations)
>
>
>
> I ask this because depending on the allocation rate - we may wish to
> consider revising the soft-landing policy that currently reserves a /12
> worth of ipv4 space for "future uses, as yet unforeseen".
>
>
>
> I point out that the soft landing policy was ratified in 2011, and if we
> still, after 14 years, have not been able to articulate a clear reason for
> such a large reservation, I think it's time we look at most, if not all, of
> that /12 back into the main unallocated pool that can be allocated for
> African resource holders that actually need it.
>
>
>
> Amongst other reasons, sitting with unallocated, unannounced, reserved
> space like this leaves the space vulnerable to hijacking and malicious use
> or even potential theft.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20251014/d0c801b4/attachment-0001.html>

More information about the RPD mailing list