An update on the AfriNIC situation
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.” John Curran just posted an excellent summary of the current state of affairs here: https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu... If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here: https://www.tespok.co.ke/?page_id=14001 It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do. -Bill
I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks. On 8/27/2021 10:36 AM, Bill Woodcock wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
Can't AfriNIC just create ROAs for the prefixes and point them to AS0? That would pretty much make the prefixes unusable since most tier 1's are doing ROV now. -Rich On 8/27/21, 10:20 AM, "NANOG on behalf of Aaron Wendel" <nanog-bounces+rich.compton=charter.com@nanog.org on behalf of aaron@wholesaleinternet.net> wrote: CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance. I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks. On 8/27/2021 10:36 AM, Bill Woodcock wrote: > As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.” > > John Curran just posted an excellent summary of the current state of affairs here: > > https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu... > > If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here: > > https://www.tespok.co.ke/?page_id=14001 > > It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do. > > -Bill E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
Two reasons: 1. They don’t have an AS0 ROA policy currently. 2. It would violate a court order. Owen
On Aug 27, 2021, at 09:45 , Compton, Rich A <Rich.Compton@charter.com> wrote:
Can't AfriNIC just create ROAs for the prefixes and point them to AS0? That would pretty much make the prefixes unusable since most tier 1's are doing ROV now.
-Rich
On 8/27/21, 10:20 AM, "NANOG on behalf of Aaron Wendel" <nanog-bounces+rich.compton=charter.com@nanog.org on behalf of aaron@wholesaleinternet.net> wrote:
CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks.
On 8/27/2021 10:36 AM, Bill Woodcock wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
On 8/27/21 09:45, Compton, Rich A wrote:
Can't AfriNIC just create ROAs for the prefixes and point them to AS0? That would pretty much make the prefixes unusable since most tier 1's are doing ROV now.
Technically they can, but the whole situation is tied up in litigation so legally they may not be able to do so. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
But that doesn't prevent the other RIRs issuing those since all TAs sign 0/0. Rubens Em sex, 27 de ago de 2021 13:56, Jay Hennigan <jay@west.net> escreveu:
On 8/27/21 09:45, Compton, Rich A wrote:
Can't AfriNIC just create ROAs for the prefixes and point them to AS0? That would pretty much make the prefixes unusable since most tier 1's are doing ROV now.
Technically they can, but the whole situation is tied up in litigation so legally they may not be able to do so.
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On Fri, 27 Aug 2021 at 19:15, Rubens Kuhl <rubensk@gmail.com> wrote:
But that doesn't prevent the other RIRs issuing those since all TAs sign 0/0.
That's an extremely dangerous precedent to set. It would eradicate the trust in the RPKI system. How about letting this legal issue play out in court and avoid any destructive actions in the meantime? lukas
* Rich.Compton@charter.com (Compton, Rich A) [Fri 27 Aug 2021, 18:47 CEST]:
Can't AfriNIC just create ROAs for the prefixes and point them to AS0? That would pretty much make the prefixes unusable since most tier 1's are doing ROV now.
I'm not a lawyer but that doesn't strike me as a great idea for an object under dispute once the presiding judge finds out about it -- Niels.
On Fri, 27 Aug 2021 at 18:45, Compton, Rich A <Rich.Compton@charter.com> wrote:
Can't AfriNIC just create ROAs for the prefixes and point them to AS0?
Trying to resolve political, legal, financial, policy or other non-technical problems with technical workarounds is a very flawed idea. The world would be in a much better place if we'd stop doing that. Yes, if you have a hammer in your hand, everything looks like a nail, I know ... lukas
On 8/27/21 18:18, Aaron Wendel wrote:
I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks.
Oddly, I recommended to a friend (one who promotes competitors do the wrong thing, hehe) that sending CI routes to /dev/null would be ideal. But it's a commercial world... unlikely to pass. Mark.
On Fri, Aug 27, 2021 at 10:38:01PM +0200, Mark Tinka <mark@tinka.africa> wrote a message of 13 lines which said:
Oddly, I recommended to a friend (one who promotes competitors do the wrong thing, hehe) that sending CI routes to /dev/null would be ideal.
Trollish idea of the day: since it is an IPv4-specific problem, stop routing IPv4 completely. Since IPv6 addresses are not scarce and have no monetary value, the problems of hoarders/thieves would disappear (and it would make life simpler for network professionals).
On 8/27/21 09:18, Aaron Wendel wrote:
I suppose people who wanted to take a side could also block traffic to and from Cloud Innovations IP blocks.
All it would take is for one 800-pound gorilla to do so. Cloud Innovations would implode should Google, Microsoft, or Amazon drop all traffic from those blocks. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On 8/28/21 20:10, Jay Hennigan wrote:
All it would take is for one 800-pound gorilla to do so. Cloud Innovations would implode should Google, Microsoft, or Amazon drop all traffic from those blocks.
This! CI are pushing their case relying on the rest of the Internet community to keep doing "the right thing" by routing/forwarding the IPv4 address space in question. If the Internet community decided that what CI was doing was not in keeping with appropriate netizenship, and stopped routing/forwarding said IPv4 address space, that would be the end. But too many parties on too many sides of the table have some kind of interest in keeping that address space routed/forwarded. So while this would quickly create useful leverage against CI's actions, I can't see the community coming to such consensus quickly. For me, the irony with what CI are doing is that while they are breaking the value of community by running AFRINIC through hell, they still expect the very same community to afford them communal decency by still routing/forwarding the address space. It's as if planet Earth is an option, and whoever doesn't like it can move to Mars or some such :-\... Mark.
Thank you for sharing this. On Fri, Aug 27, 2021 at 11:36 Bill Woodcock <woody@pch.net> wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
-- Mehmet +1-424-298-1903
There are two sides to every story… On Fri, 27 Aug 2021 at 09:44, Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>h <mailto:jcurran@arin.net>.lu@anytimechinese.com> wrote:
Dear John:
The statements you made are very misleading.
Here are some clarifications:
Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in breach of the agreement. Cloud Innovation maintains that we are a compliant member.
1. While I make no comment regarding the justification of our resources. we have rights just like any other registrant to keep our justification material confidential. We would like to share some public data here: Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years. 40million (roughly 40%) IP addresses have not been updated in more than 5 years. Have all of them been required to provide re-justification while they don’t bother to update whois? 313 out of 1800 members have not made a single assignment in their allocations more than a year after receiving. 641 member registered show less than 50% utilization, while AFRINIC’s CPM 5.5.1.9 requires at least 50% utilization. All of those member are in violation, including several major telecoms. However according to one press we saw, AFRINIC only audited 15 member and terminated 5 of them, Cloud Innovation being the most compliant member in terms of whois update and utilization data provided to AFRINIC as data shows above.
2. I did go to ARIN for resource, ARIN requested customer personal information down to street names, personal address, all of which we do not collect in our business from end users due to data privacy concerns. I have mentioned in one of ARIN’s meeting and received a consistent answer that it must be provided before the resources can be allocated. While I later understood it is part of ARIN policy, I still believe that it is an unwise policy which puts ARIN in possession of a large collection of personally identifying information (PII). So abandoning our ARIN application for resources after RIPE ran out, was a legitimate business decision and IMHO, a morally correct one made in order to protect the privacy of our customer’s. John's statement is misleading at best. John himself has repeatedly stated that ARIN does not deny requests, but that applicant’s often abandon requests when they are unwilling or unable to provide the requested data. That’s exactly what happened here. Contrary to John’s claim, that ARIN refused the application in question, the actual facts of the matter are that Outside Heaven chose to abandon its request rather than compromise the confidentiality of its customers and trust ARIN with such a significant amount of customer PII.
4. Cloud Innovation's utilization is global, roughly 30% Asia and 30% US, with rest equally spread throughout Europe, AFRICA, and Latin America. There is nothing in AFRINIC policy manual which restricts usage of resource anywhere. And it is also common practice of several large US firms to use ARIN space either globally or across multiple regions at least.
5. Unless ARIN admits it has been given the justification submitted to AFRINIC by Cloud Innovation in past years, we don't think it is within ARIN’s mandate to comment whether it is being used for the same purpose or not. John, please clarify, have you received the justification material we submitted to AFRINIC? Do you have any inside knowledge about it? We would be very keen to know if AFRINIC has disclosed our private data to a third party in this process in violation of the very agreement they (unjustly) accuse us of breaching.
6. We find your discussion of the RIR stability fund most interesting… Please correct us if we misunderstand, but our understanding is that the fund requires the unanimous consent of all 5 RIR CEOs in order to be utilized. As such, it appears you are attempting to mislead the community by making a 20% promise as if it were a 100% assurance.
For the above reasons, we think that Mr. Curran has not provided a balanced or fully accurate representation of the facts to the ARIN community here and we hope that the above clarification will help members of the community come to a more fully informed opinion.
Finally, while we realize that this is inappropriate for PPML, as it does not really touch on any ARIN policy discussion, we believe that Mr. Curran’s post could not be allowed to stand without rebuttal. Since he chose to make such a non-policy post to PPML, we felt that our posting of the rebuttal here was justified.
Unless Mr. Curran or other ARIN staff member(s) choose to further engage on this topic here, this will be our only post on the matter to this list. We would also welcome the opportunity to take the discussion to a more appropriate ARIN list if Mr. Curran prefers that alternative.
On Fri, 27 Aug 2021 09:50:01 -0700, Owen DeLong via NANOG said:
Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years.
Am I the only person whose spidey sense is tingling, wondering why one organization is churning when other registrants don't show activity for decades?
My MacGuffin-O-Meter maxed out in that graph, definitely. On Fri, Aug 27, 2021 at 1:41 PM Valdis Klētnieks <valdis.kletnieks@vt.edu> wrote:
On Fri, 27 Aug 2021 09:50:01 -0700, Owen DeLong via NANOG said:
Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years.
Am I the only person whose spidey sense is tingling, wondering why one organization is churning when other registrants don't show activity for decades?
On 27 Aug 2021, at 12:50 PM, Owen DeLong via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: There are two sides to every story… On Fri, 27 Aug 2021 at 09:44, Lu Heng <<mailto:h.lu@anytimechinese.com>h<mailto:jcurran@arin.net>.lu@anytimechinese.com<mailto:lu@anytimechinese.com>> wrote: Dear John: The statements you made are very misleading. Here are some clarifications: Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in breach of the agreement. Cloud Innovation maintains that we are a compliant member. 1. While I make no comment regarding the justification of our resources. we have rights just like any other registrant to keep our justification material confidential. We would like to share some public data here: Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years. 40million (roughly 40%) IP addresses have not been updated in more than 5 years. Have all of them been required to provide re-justification while they don’t bother to update whois? 313 out of 1800 members have not made a single assignment in their allocations more than a year after receiving. 641 member registered show less than 50% utilization, while AFRINIC’s CPM 5.5.1.9 requires at least 50% utilization. All of those member are in violation, including several major telecoms. However according to one press we saw, AFRINIC only audited 15 member and terminated 5 of them, Cloud Innovation being the most compliant member in terms of whois update and utilization data provided to AFRINIC as data shows above. Mr. Lu and/or Owen - It is so nice to hear from you elaborate on your extensive righteous behavior. Perhaps you’ll indulge us a simple yes/no question? AFRINIC’s RSA contains the following statement - (The Applicant Acknowledges…) that it is bestowed with an exclusive right of use of those number resources within the ambit of the “need” which it has justified in its application and for no other purpose during the currency of the present agreement; Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified? 2. I did go to ARIN for resource, ARIN requested customer personal information down to street names, personal address, all of which we do not collect in our business from end users due to data privacy concerns. I have mentioned in one of ARIN’s meeting and received a consistent answer that it must be provided before the resources can be allocated. While I later understood it is part of ARIN policy, I still believe that it is an unwise policy which puts ARIN in possession of a large collection of personally identifying information (PII). So abandoning our ARIN application for resources after RIPE ran out, was a legitimate business decision and IMHO, a morally correct one made in order to protect the privacy of our customer’s. John's statement is misleading at best. John himself has repeatedly stated that ARIN does not deny requests, but that applicant’s often abandon requests when they are unwilling or unable to provide the requested data. That’s exactly what happened here. Contrary to John’s claim, that ARIN refused the application in question, the actual facts of the matter are that Outside Heaven chose to abandon its request rather than compromise the confidentiality of its customers and trust ARIN with such a significant amount of customer PII. You made an application, provided inconsistent data, and then did not respond when asked provide sufficient details to satisfy reasonable due diligence. After not hearing back after repeated requests, ARIN denied the request. If you prefer to characterize it as “abandoning your application” then that is fine. It is consistent with everything I stated, including that ARIN ultimately denied your request – and that such abandonment was in the face of queries for additional information to clarify the inconsistencies in your request. We are generally able to get past these situations with the vast majority of organizations with legitimate need for the address space per ARIN policy, but I also acknowledge we cannot know how many of those who did abandon were for non-qualification versus other reasons. 5. Unless ARIN admits it has been given the justification submitted to AFRINIC by Cloud Innovation in past years, we don't think it is within ARIN’s mandate to comment whether it is being used for the same purpose or not. John, please clarify, have you received the justification material we submitted to AFRINIC? Do you have any inside knowledge about it? We would be very keen to know if AFRINIC has disclosed our private data to a third party in this process in violation of the very agreement they (unjustly) accuse us of breaching. I have no opinion regarding the justification submitted by Cloud Innovation’s for number resources from AFRINIC, and have not seen it. I _have_ asked a simple question of whether Cloud Innovation’s usage is within the remit and purpose for which they were originally justified, and I observe that this question has been asked repeated by many others in the AFRINIC community. This question does seem relevant to the dispute so please don’t be surprised if you are asked it quite often until such is resolved... Again – Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified? 6. We find your discussion of the RIR stability fund most interesting… Please correct us if we misunderstand, but our understanding is that the fund requires the unanimous consent of all 5 RIR CEOs in order to be utilized. As such, it appears you are attempting to mislead the community by making a 20% promise as if it were a 100% assurance. My statement reads - If AFRINIC requests support in accordance with the Joint RIR Stability Fund, ARIN will support such a request. Furthermore, and without reservation, ARIN stands by its unwavering commitment to support AFRINIC and will take any and all measures necessary to ensure that neither the African networking community, nor the global Internet number registry system, is operationally impacted during this period. AFRINIC was formed (and has accomplished so much) for the benefit of the African networking community and ARIN stands with the community in dealing with those who seek to disrupt or exploit it for their own benefit. It’s fairly self-explanatory and of course pertains simply to ARIN’s support for AFRINIC during this period. If you did not take that away from your reading, hopefully that is now clear. For the above reasons, we think that Mr. Curran has not provided a balanced or fully accurate representation of the facts to the ARIN community here and we hope that the above clarification will help members of the community come to a more fully informed opinion. A vigorous discourse is a wonderful thing - I actually welcome your clarifications as noted above (e.g. you prefer to characterize your ARIN request as “abandoned” rather than it having been denied) You apparently can clarify quite a bit when it suits you, but still fail to respond to the most basic yes/no question - Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified? Finally, while we realize that this is inappropriate for PPML, as it does not really touch on any ARIN policy discussion, we believe that Mr. Curran’s post could not be allowed to stand without rebuttal. Since he chose to make such a non-policy post to PPML, we felt that our posting of the rebuttal here was justified. Unless Mr. Curran or other ARIN staff member(s) choose to further engage on this topic here, this will be our only post on the matter to this list. We would also welcome the opportunity to take the discussion to a more appropriate ARIN list if Mr. Curran prefers that alternative. Excellent point. I have taken the liberty of replying to Owen’s post here on nanog for clarity, but also suggest we continue this on arin-ppml so as to spare the NANOG community. Best wishes, /John John Curran President and CEO American Registry for Internet Numbers
On Aug 27, 2021, at 11:23 AM, John Curran <jcurran@arin.net<mailto:jcurran@arin.net>> wrote: Excellent point. I have taken the liberty of replying to Owen’s post here on nanog for clarity, but also suggest we continue this on arin-ppml so as to spare the NANOG community. Thank you, John. I think NANOG has made its position clear on arguing individual legal disputes in its AUP: 3. Posts of a political, philosophical, or legal nature are prohibited. 15. The Mailing List is not an appropriate platform to resolve personal issues, engage in disputes, or file complaints This already heated discussion squarely violates both of these rules. I concur that anyone who wants to continue the discussion can go to the arin-ppml. -mel
Hello I know nothing about this case although it sounds like this guy needs to be stopped. However, let's pretend that I am talking about a completely different case. A guy sometime in the past acquired some large blocks of IP addresses. He was not completely honest at the time so he got more than he should have. At the time this meant that not all addresses were in use. Now in 2021 he is profiting from selling or leasing out these addresses. This is clearly unfair as he lied to get them back then. However this means the addresses are actually in use _now_. BUT - how is this so different from what many many other parties have done? I think we all know some huge ISPs that got much larger blocks than strictly needed, and which now are profiting directly or indirectly. I am not even talking about those that got huge blocks back when everyone thought IPv4 was unlimited. But ISPs that lied about current needs and exacareted business plans and so on, to get as large blocks as possible from RIRs. Yes I understand that the case is also about using blocks in a different region, but that too is something many others have done. The guy might be a scoundrel but is he in good company? Regards, Baldur
On Aug 27, 2021, at 11:49 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote: Let's pretend that I am talking about a completely different case.
A guy is profiting from leasing out addresses. This is clearly unfair as he lied to get them back then. However this means the addresses are actually in use _now_.
…by parties other than this hypothetical guy. Some of whom may have legitimate (conformant with current RIR allocation policy) uses, and others might not. And their conformance of use could be tested if the addresses were reclaimed to the RIR, and the actual users were to apply for them. At which point this hypothetical guy, who’s adding no value, but merely extracting an “ill gotten gain” from his prior fraud, will be disintermediated, and the legitimate users will be better-served, because they’ll have a direct relationship with their RIR, under their own name, at a lower cost.
How is this so different from what many many other parties have done?
Well, I hope not _many_ other parties. I guess we’re not talking about “a completely different case” after all, then? Bear in mind that this guy is in _no way_ part of the Internet ecosystem. He is _solely_ extracting rent by renting something he stole from us, back to us. If you’re saying, “Well, is that really so bad? This guy steals my car, but at least he’s willing to rent it back to me… doesn’t that happen all the time?” No, not so much.
I think we all know some huge ISPs that got much larger blocks than strictly needed, and which now are profiting directly or indirectly.
…from their business as ISPs. They’re part of the Internet ecosystem, and even if they exaggerated their need to get addresses _early_, their use has been _conformant_ since whatever time the addresses were put into use.
Yes I understand that the case is also about using blocks in a different region, but that too is something many others have done.
And whether that’s conformant or not depends upon the RIR policy, which is set differently in different regions. Take addresses from AfriNIC, and you need to be prepared to comply with AfriNIC policy. -Bill
On Sat, Aug 28, 2021 at 12:13 AM Bill Woodcock <woody@pch.net> wrote:
Well, I hope not _many_ other parties. I guess we’re not talking about “a completely different case” after all, then? Bear in mind that this guy is in _no way_ part of the Internet ecosystem. He is _solely_ extracting rent by renting something he stole from us, back to us. If you’re saying, “Well, is that really so bad? This guy steals my car, but at least he’s willing to rent it back to me… doesn’t that happen all the time?” No, not so much.
That is completely legal and within the rules in the RIPE region now. Yes I know not AfriNIC but just to point out it is not just one guy but a whole region doing business like that. We even have an official registry of companies that buy and sell IP address space. And by many parties I mean _most_ parties that were part of the system just before we ran out of IP addresses. Everyone knew it was the last chance so you had to be an idiot not to get as much address space as possible. Here in my country the largest ISP got an assignment so big, that they can use 2 IPs for every person living in the country. They do not have a market share that large, but I suppose they could make up a business plan to lay out plans for that. And now they can either offer IPv4 services that smaller and younger ISPs can not or they can sell/rent the space and profit in exactly the same way as our hypothetical friend here. In the RIPE region we had a run with many parties that created fake LIRs to get an extra /22 assignment. Did they steal that any less than this guy? I believe all of that stinks. It is just that this guy is a small fish compared to the robbery done by so many others. Regards, Baldur
On Aug 28, 2021, at 12:48 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote: just to point out it is not just one guy but a whole region doing business like that.
You’re saying a whole region consists of parties who don’t route IP traffic? If not, you’re making a false equivalency.
In the RIPE region we had a run with many parties that created fake LIRs to get an extra /22 assignment.
That’s unfortunate, and I hope RIPE revokes any allocations which were made under false pretenses and are being currently used in ways that violate RIPE’s current policies. As AfriNIC does.
Did they steal that any less than this guy?
I believe the blocks in question are: 154.80.0.0/12 45.192.0.0/12 156.224.0.0/11 154.192.0.0/11 So, yes, 6,144 times less.
This guy is a small fish compared to the robbery done by so many others.
If you know of someone who’s fraudulently acquired _more_ than 6.3M IPv4 addresses, and is profiting from their being used in contravention of RIR policy, I very much encourage you to request that your RIR perform a compliance audit. Since, after all, that’s what the RIR’s job is. -Bill
On Sat, Aug 28, 2021 at 1:07 AM Bill Woodcock <woody@pch.net> wrote:
On Aug 28, 2021, at 12:48 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote: just to point out it is not just one guy but a whole region doing business like that.
You’re saying a whole region consists of parties who don’t route IP traffic?
None of the regions require that the IP allocations are used for routing IP traffic. Aside from that, I am saying that RIPE no longer has a "need" policy which means you can have as much IP space as you want without providing any need to own this space. In addition we have IP brokers that expressly buys IP blocks for the purpose of selling - not routing - the space.
If not, you’re making a false equivalency.
In the RIPE region we had a run with many parties that created fake LIRs to get an extra /22 assignment.
That’s unfortunate, and I hope RIPE revokes any allocations which were made under false pretenses and are being currently used in ways that violate RIPE’s current policies. As AfriNIC does.
None of the regions will do anything like that as long as current policies are fulfilled. As RIPE no longer has a policy of showing any need, no such revocations will happen. This is a case only because the guy is using space from AfriNIC.
Did they steal that any less than this guy?
I believe the blocks in question are:
154.80.0.0/12 45.192.0.0/12 156.224.0.0/11 154.192.0.0/11
So, yes, 6,144 times less.
Nah, what happened in RIPE with the /22 blocks was on a similar or larger scale. Remember we had a whole /8 plus some for that policy.
This guy is a small fish compared to the robbery done by so many others.
If you know of someone who’s fraudulently acquired _more_ than 6.3M IPv4 addresses, and is profiting from their being used in contravention of RIR policy, I very much encourage you to request that your RIR perform a compliance audit.
Say we have an ISP with an allocation of 8 million addresses in a country with 5 million people, including babies, a case can easily be made that they have approximately that many IPv4 addresses they do not really need. Maybe they will sell them for a profit some day. But RIPE _will not revoce_ those addresses. Does not matter that the business plans or whatever they did to get that many were totally fake back then. And this happened everywhere. Do not be naive, it was also going on in every other region. In fact, a case can be made for the whole ARIN region of collectively hoarding IPv4 space which now can be sold for a profit. Or what about going back to 2011 when Microsoft bought a large IPv4 block from someone who was not routing said block? This guy did not invent the business model! Fact is IPv4 was a lottery and the winnings have been distributed. A lot of those that played did cheat. They are not going to pay for that now. What perhaps makes this case different is that he is robbing AfriNIC. I am afraid they are set up to be robbed as the last RIR to still have IPv4 available. Perhaps AfriNIC should just auction it away and use the money to help the internet in Africa in other ways. Regards, Baldur
On Fri, Aug 27, 2021 at 9:15 PM Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
On Sat, Aug 28, 2021 at 1:07 AM Bill Woodcock <woody@pch.net> wrote:
On Aug 28, 2021, at 12:48 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote: just to point out it is not just one guy but a whole region doing business like that.
You’re saying a whole region consists of parties who don’t route IP traffic?
None of the regions require that the IP allocations are used for routing IP traffic. Aside from that, I am saying that RIPE no longer has a "need" policy which means you can have as much IP space as you want without providing any need to own this space. In addition we have IP brokers that expressly buys IP blocks for the purpose of selling - not routing - the space.
I believe you were trying to say routing IP traffic on the Internet DFZ. Because IP addresses are only needed for IP networks; and if the allocation request specified Internet usage, then every RIR will hold the requester to that promise. Rubens
On Sat, 28 Aug 2021, 00:50 Baldur Norddahl, <baldur.norddahl@gmail.com> wrote:
Hello
Hi
BUT - how is this so different from what many many other parties have done? I think we all know some huge ISPs that got much larger blocks than strictly needed, and which now are profiting directly or indirectly.
By profiting.. do you mean through those ISP providing a wide range of IP related services? Or do you mean by the said ISPs involving themselves in an IPv4 leasing business model without any transport protocol between the said ISPs and the end-user? Cheers, Noah
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 People, can we at least quote properly? I can't follow this at all. I wish ARIN would stay out of this, it's not something that affects the ARIN region, and nothing said in this statement seems to refute any of the allegations against AFRINIC. What it does seem to do is state Lu Heng/Cloud Innovation is a shady guy. While this may be true, I'd expect a RIR to treat everyone the same, and that's the core of the legal complaint here. I'd expect that for a court to freeze assets of AFRINIC there must be a very strong argument. On 8/27/21 2:23 PM, John Curran wrote:
On 27 Aug 2021, at 12:50 PM, Owen DeLong via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote:
There are two sides to every story…
On Fri, 27 Aug 2021 at 09:44, Lu Heng
<<mailto:h.lu@anytimechinese.com>h<mailto:jcurran@arin.net>.lu@anytimechinese.com<mailto:lu@anytimechinese.com>>
wrote:
Dear John:
The statements you made are very misleading.
Here are some clarifications:
Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in breach of the agreement. Cloud Innovation maintains that we are a compliant member.
1. While I make no comment regarding the justification of our resources. we have rights just like any other registrant to keep our justification material confidential. We would like to share some public data here: Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years. 40million (roughly 40%) IP addresses have not been updated in more than 5 years. Have all of them been required to provide re-justification while they don’t bother to update whois? 313 out of 1800 members have not made a single assignment in their allocations more than a year after receiving. 641 member registered show less than 50% utilization, while AFRINIC’s CPM 5.5.1.9 requires at least 50% utilization. All of those member are in violation, including several major telecoms. However according to one press we saw, AFRINIC only audited 15 member and terminated 5 of them, Cloud Innovation being the most compliant member in terms of whois update and utilization data provided to AFRINIC as data shows above.
Mr. Lu and/or Owen - It is so nice to hear from you elaborate on your extensive righteous behavior. Perhaps you’ll indulge us a simple yes/no question?
AFRINIC’s RSA contains the following statement -
(The Applicant Acknowledges…) that it is bestowed with an exclusive right of use of those number resources within the ambit of the “need” which it has justified in its application and for no other purpose during the currency of the present agreement;
Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
2. I did go to ARIN for resource, ARIN requested customer personal information down to street names, personal address, all of which we do not collect in our business from end users due to data privacy concerns. I have mentioned in one of ARIN’s meeting and received a consistent answer that it must be provided before the resources can be allocated. While I later understood it is part of ARIN policy, I still believe that it is an unwise policy which puts ARIN in possession of a large collection of personally identifying information (PII). So abandoning our ARIN application for resources after RIPE ran out, was a legitimate business decision and IMHO, a morally correct one made in order to protect the privacy of our customer’s. John's statement is misleading at best. John himself has repeatedly stated that ARIN does not deny requests, but that applicant’s often abandon requests when they are unwilling or unable to provide the requested data. That’s exactly what happened here. Contrary to John’s claim, that ARIN refused the application in question, the actual facts of the matter are that Outside Heaven chose to abandon its request rather than compromise the confidentiality of its customers and trust ARIN with such a significant amount of customer PII.
You made an application, provided inconsistent data, and then did not respond when asked provide sufficient details to satisfy reasonable due diligence. After not hearing back after repeated requests, ARIN denied the request.
If you prefer to characterize it as “abandoning your application” then that is fine. It is consistent with everything I stated, including that ARIN ultimately denied your request – and that such abandonment was in the face of queries for additional information to clarify the inconsistencies in your request. We are generally able to get past these situations with the vast majority of organizations with legitimate need for the address space per ARIN policy, but I also acknowledge we cannot know how many of those who did abandon were for non-qualification versus other reasons.
5. Unless ARIN admits it has been given the justification submitted to AFRINIC by Cloud Innovation in past years, we don't think it is within ARIN’s mandate to comment whether it is being used for the same purpose or not. John, please clarify, have you received the justification material we submitted to AFRINIC? Do you have any inside knowledge about it? We would be very keen to know if AFRINIC has disclosed our private data to a third party in this process in violation of the very agreement they (unjustly) accuse us of breaching.
I have no opinion regarding the justification submitted by Cloud Innovation’s for number resources from AFRINIC, and have not seen it.
I _have_ asked a simple question of whether Cloud Innovation’s usage is within the remit and purpose for which they were originally justified, and I observe that this question has been asked repeated by many others in the AFRINIC community.
This question does seem relevant to the dispute so please don’t be surprised if you are asked it quite often until such is resolved...
Again – Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
6. We find your discussion of the RIR stability fund most interesting… Please correct us if we misunderstand, but our understanding is that the fund requires the unanimous consent of all 5 RIR CEOs in order to be utilized. As such, it appears you are attempting to mislead the community by making a 20% promise as if it were a 100% assurance.
My statement reads -
If AFRINIC requests support in accordance with the Joint RIR Stability Fund, ARIN will support such a request. Furthermore, and without reservation, ARIN stands by its unwavering commitment to support AFRINIC and will take any and all measures necessary to ensure that neither the African networking community, nor the global Internet number registry system, is operationally impacted during this period. AFRINIC was formed (and has accomplished so much) for the benefit of the African networking community and ARIN stands with the community in dealing with those who seek to disrupt or exploit it for their own benefit.
It’s fairly self-explanatory and of course pertains simply to ARIN’s support for AFRINIC during this period. If you did not take that away from your reading, hopefully that is now clear.
For the above reasons, we think that Mr. Curran has not provided a balanced or fully accurate representation of the facts to the ARIN community here and we hope that the above clarification will help members of the community come to a more fully informed opinion.
A vigorous discourse is a wonderful thing - I actually welcome your clarifications as noted above (e.g. you prefer to characterize your ARIN request as “abandoned” rather than it having been denied)
You apparently can clarify quite a bit when it suits you, but still fail to respond to the most basic yes/no question - Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
Finally, while we realize that this is inappropriate for PPML, as it does not really touch on any ARIN policy discussion, we believe that Mr. Curran’s post could not be allowed to stand without rebuttal. Since he chose to make such a non-policy post to PPML, we felt that our posting of the rebuttal here was justified.
Unless Mr. Curran or other ARIN staff member(s) choose to further engage on this topic here, this will be our only post on the matter to this list. We would also welcome the opportunity to take the discussion to a more appropriate ARIN list if Mr. Curran prefers that alternative.
Excellent point. I have taken the liberty of replying to Owen’s post here on nanog for clarity, but also suggest we continue this on arin-ppml so as to spare the NANOG community.
Best wishes, /John
John Curran President and CEO American Registry for Internet Numbers
- -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAmEpRgwACgkQYTmgYVLG kUAhLg/7B82+gbK4YjMwENBKIoL+53vB/H5DVo4WFHmDekadrsD8NkD39MxYARfZ vfe4uQqKCEx5Oo1Cefh9oY9G9mAhVC0244afbIqGU7RH06WSWFOA5Xj7//dUvTgH Tqd+A1ehGop/LpJlKJhFBOj5hMc9AgXNXPadeXAlx0LEsgp0Q1K7PFjCu+6+q9Ed LMT9Yu5FNDlsvEq/+ErnHcoRRdHx/cESPpswnt5neb4Sjg8mBldglA/1VwGx4LGu lzAWapp0Jbn9F5G/9SuI6UowCu08Gk+zaVmu31Z2fs3PRpa3KniOTnNDF7MHgT33 CK/awTaiNIPOJaK0ktXtBQmlwEfR4tkWHi15SdwvEBDX3y3OEfIdKc5Cm9DhoJhW 6JTlNFWmplL2HZpdIWiEVCu++21xsMEpJKeMPcfpVsxPkxAHdbikSQ0zK+8pBTye pehHaYqnhDbX2jER//+sfJ1cezrsXg+dZ0deNvB7HjrdnWvdKitpzv09Ap24iwzq u0wdEsuVn6bQT8LcSbXAigssaTyCOp84G2JlRpZ85/iAsQXawpEAn1ACBHi0tbXS RQ8ddRiINnJ1kzP3xqxVIBvlfo1PzQjXNwoOn5fE5w/qyuI78IyKHkWad6AyEuyB kEZdDl3VDcCRe4wdt8CQOxgiJfG0AkyPBipfJFdSy08ujZwpUIU= =Ohbp -----END PGP SIGNATURE-----
I wish ARIN would stay out of this, it's not something that affects the ARIN region, and nothing said in this statement seems to refute any of the allegations against AFRINIC. What it does seem to do is state Lu Heng/Cloud Innovation is a shady guy. While this may be true, I'd expect a RIR to treat everyone the same, and that's the core of the legal complaint here. I'd expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
That's not the case in the Mauritius jurisdiction. Its law allows the complainant to bear the burden of executing the freeze without the court analysis. So, it's not like an injunction like in some other jurisdictions. Rubens
Bryan, Legal dispute discussions are prohibited by NANOG’s AUP. Please help us keep this stuff out of the NANOG stream -mel via cell
On Aug 27, 2021, at 1:10 PM, Bryan Fields <Bryan@bryanfields.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
People, can we at least quote properly? I can't follow this at all.
I wish ARIN would stay out of this, it's not something that affects the ARIN region, and nothing said in this statement seems to refute any of the allegations against AFRINIC. What it does seem to do is state Lu Heng/Cloud Innovation is a shady guy. While this may be true, I'd expect a RIR to treat everyone the same, and that's the core of the legal complaint here. I'd expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
On 8/27/21 2:23 PM, John Curran wrote: On 27 Aug 2021, at 12:50 PM, Owen DeLong via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote:
There are two sides to every story…
On Fri, 27 Aug 2021 at 09:44, Lu Heng
<<mailto:h.lu@anytimechinese.com>h<mailto:jcurran@arin.net>.lu@anytimechinese.com<mailto:lu@anytimechinese.com>>
wrote:
Dear John:
The statements you made are very misleading.
Here are some clarifications:
Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in breach of the agreement. Cloud Innovation maintains that we are a compliant member.
1. While I make no comment regarding the justification of our resources. we have rights just like any other registrant to keep our justification material confidential. We would like to share some public data here: Cloud innovation accounts for 80% of all AFRINIC whois updates in 2021 to date and in AFRINIC whois, over 10 million (roughly 10% of all AFRINIC space) IP addresses whois information has not been updated in more than 10 years. 40million (roughly 40%) IP addresses have not been updated in more than 5 years. Have all of them been required to provide re-justification while they don’t bother to update whois? 313 out of 1800 members have not made a single assignment in their allocations more than a year after receiving. 641 member registered show less than 50% utilization, while AFRINIC’s CPM 5.5.1.9 requires at least 50% utilization. All of those member are in violation, including several major telecoms. However according to one press we saw, AFRINIC only audited 15 member and terminated 5 of them, Cloud Innovation being the most compliant member in terms of whois update and utilization data provided to AFRINIC as data shows above.
Mr. Lu and/or Owen - It is so nice to hear from you elaborate on your extensive righteous behavior. Perhaps you’ll indulge us a simple yes/no question?
AFRINIC’s RSA contains the following statement -
(The Applicant Acknowledges…) that it is bestowed with an exclusive right of use of those number resources within the ambit of the “need” which it has justified in its application and for no other purpose during the currency of the present agreement;
Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
2. I did go to ARIN for resource, ARIN requested customer personal information down to street names, personal address, all of which we do not collect in our business from end users due to data privacy concerns. I have mentioned in one of ARIN’s meeting and received a consistent answer that it must be provided before the resources can be allocated. While I later understood it is part of ARIN policy, I still believe that it is an unwise policy which puts ARIN in possession of a large collection of personally identifying information (PII). So abandoning our ARIN application for resources after RIPE ran out, was a legitimate business decision and IMHO, a morally correct one made in order to protect the privacy of our customer’s. John's statement is misleading at best. John himself has repeatedly stated that ARIN does not deny requests, but that applicant’s often abandon requests when they are unwilling or unable to provide the requested data. That’s exactly what happened here. Contrary to John’s claim, that ARIN refused the application in question, the actual facts of the matter are that Outside Heaven chose to abandon its request rather than compromise the confidentiality of its customers and trust ARIN with such a significant amount of customer PII.
You made an application, provided inconsistent data, and then did not respond when asked provide sufficient details to satisfy reasonable due diligence. After not hearing back after repeated requests, ARIN denied the request.
If you prefer to characterize it as “abandoning your application” then that is fine. It is consistent with everything I stated, including that ARIN ultimately denied your request – and that such abandonment was in the face of queries for additional information to clarify the inconsistencies in your request. We are generally able to get past these situations with the vast majority of organizations with legitimate need for the address space per ARIN policy, but I also acknowledge we cannot know how many of those who did abandon were for non-qualification versus other reasons.
5. Unless ARIN admits it has been given the justification submitted to AFRINIC by Cloud Innovation in past years, we don't think it is within ARIN’s mandate to comment whether it is being used for the same purpose or not. John, please clarify, have you received the justification material we submitted to AFRINIC? Do you have any inside knowledge about it? We would be very keen to know if AFRINIC has disclosed our private data to a third party in this process in violation of the very agreement they (unjustly) accuse us of breaching.
I have no opinion regarding the justification submitted by Cloud Innovation’s for number resources from AFRINIC, and have not seen it.
I _have_ asked a simple question of whether Cloud Innovation’s usage is within the remit and purpose for which they were originally justified, and I observe that this question has been asked repeated by many others in the AFRINIC community.
This question does seem relevant to the dispute so please don’t be surprised if you are asked it quite often until such is resolved...
Again – Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
6. We find your discussion of the RIR stability fund most interesting… Please correct us if we misunderstand, but our understanding is that the fund requires the unanimous consent of all 5 RIR CEOs in order to be utilized. As such, it appears you are attempting to mislead the community by making a 20% promise as if it were a 100% assurance.
My statement reads -
If AFRINIC requests support in accordance with the Joint RIR Stability Fund, ARIN will support such a request. Furthermore, and without reservation, ARIN stands by its unwavering commitment to support AFRINIC and will take any and all measures necessary to ensure that neither the African networking community, nor the global Internet number registry system, is operationally impacted during this period. AFRINIC was formed (and has accomplished so much) for the benefit of the African networking community and ARIN stands with the community in dealing with those who seek to disrupt or exploit it for their own benefit.
It’s fairly self-explanatory and of course pertains simply to ARIN’s support for AFRINIC during this period. If you did not take that away from your reading, hopefully that is now clear.
For the above reasons, we think that Mr. Curran has not provided a balanced or fully accurate representation of the facts to the ARIN community here and we hope that the above clarification will help members of the community come to a more fully informed opinion.
A vigorous discourse is a wonderful thing - I actually welcome your clarifications as noted above (e.g. you prefer to characterize your ARIN request as “abandoned” rather than it having been denied)
You apparently can clarify quite a bit when it suits you, but still fail to respond to the most basic yes/no question - Is Cloud Innovation’s use of the blocks in question within the remit and purpose for which they were originally justified?
Finally, while we realize that this is inappropriate for PPML, as it does not really touch on any ARIN policy discussion, we believe that Mr. Curran’s post could not be allowed to stand without rebuttal. Since he chose to make such a non-policy post to PPML, we felt that our posting of the rebuttal here was justified.
Unless Mr. Curran or other ARIN staff member(s) choose to further engage on this topic here, this will be our only post on the matter to this list. We would also welcome the opportunity to take the discussion to a more appropriate ARIN list if Mr. Curran prefers that alternative.
Excellent point. I have taken the liberty of replying to Owen’s post here on nanog for clarity, but also suggest we continue this on arin-ppml so as to spare the NANOG community.
Best wishes, /John
John Curran President and CEO American Registry for Internet Numbers
- -- Bryan Fields
727-409-1194 - Voice http://bryanfields.net -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAmEpRgwACgkQYTmgYVLG kUAhLg/7B82+gbK4YjMwENBKIoL+53vB/H5DVo4WFHmDekadrsD8NkD39MxYARfZ vfe4uQqKCEx5Oo1Cefh9oY9G9mAhVC0244afbIqGU7RH06WSWFOA5Xj7//dUvTgH Tqd+A1ehGop/LpJlKJhFBOj5hMc9AgXNXPadeXAlx0LEsgp0Q1K7PFjCu+6+q9Ed LMT9Yu5FNDlsvEq/+ErnHcoRRdHx/cESPpswnt5neb4Sjg8mBldglA/1VwGx4LGu lzAWapp0Jbn9F5G/9SuI6UowCu08Gk+zaVmu31Z2fs3PRpa3KniOTnNDF7MHgT33 CK/awTaiNIPOJaK0ktXtBQmlwEfR4tkWHi15SdwvEBDX3y3OEfIdKc5Cm9DhoJhW 6JTlNFWmplL2HZpdIWiEVCu++21xsMEpJKeMPcfpVsxPkxAHdbikSQ0zK+8pBTye pehHaYqnhDbX2jER//+sfJ1cezrsXg+dZ0deNvB7HjrdnWvdKitpzv09Ap24iwzq u0wdEsuVn6bQT8LcSbXAigssaTyCOp84G2JlRpZ85/iAsQXawpEAn1ACBHi0tbXS RQ8ddRiINnJ1kzP3xqxVIBvlfo1PzQjXNwoOn5fE5w/qyuI78IyKHkWad6AyEuyB kEZdDl3VDcCRe4wdt8CQOxgiJfG0AkyPBipfJFdSy08ujZwpUIU= =Ohbp -----END PGP SIGNATURE-----
On 27 Aug 2021, at 4:07 PM, Bryan Fields <Bryan@bryanfields.net> wrote:
... I wish ARIN would stay out of this, it's not something that affects the ARIN region,
Bryan - I agree in general, but note the characterization of “not affecting ARIN” community isn’t the case when the dispute in question can operationally take out an RIR. As I said in the article - Disputes between RIRs and their customers do occur from time to time, and it is best that such disputes are resolved within that RIR, its community, and/or the applicable legal and courts system if necessary. ARIN does not normally comment on disputes or related litigation occurring at another RIR, but this matter has become quite different, as it is both highly public and has potential for significant impact to the overall stability of the Internet number registry system and thus to ARIN and its community.
I’d expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
Indeterminate at this time, since a “Freezing Order" issued via ex party hearing doesn’t actually test the strength of the arguments, as the affected party is not present to respond. It is only when the case for the validation of the order is heard that the strength of the arguments could possibly be assessed. Note - the full list of cases filed are here <https://afrinic.net/court-cases <https://afrinic.net/court-cases>> for reference. FYI, /John John Curran President and CEO American Registry for Internet Numbers
On 8/27/21 4:30 PM, John Curran wrote:>
ARIN does not normally comment on disputes or related litigation occurring at another RIR, but this matter has become quite different, as it is both highly public and has potential for significant impact to the overall stability of the Internet number registry system and thus to ARIN and its community.
Perhaps what's needed is for parties to be able to move their allocations to a different RIR if they don't like the service their incumbent RIR is providing.
I’d expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
Indeterminate at this time, since a “Freezing Order" issued via ex party hearing doesn’t actually test the strength of the arguments, as the affected party is not present to respond. It is only when the case for the validation of the order is heard that the strength of the arguments could possibly be assessed. Note - the full list of cases filed are here <https://afrinic.net/court-cases <https://afrinic.net/court-cases>> for reference.
That's interesting, but that normally one would expect the bar for such and ex-parte order to be high. I'm not familiar with the Mauritius legal system; I do know it's some combination of common law and french law, but it's generally stable/impartial for business law. What we really need is a groklaw-type that could take this up. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
John Curran wrote:
Indeterminate at this time, since a “Freezing Order" issued via ex party hearing doesn’t actually test the strength of the arguments, as the affected party is not present to respond. It is only when the case for the validation of the order is heard that the strength of the arguments could possibly be assessed. Note - the full list of cases filed are here <https://afrinic.net/court-cases <https://afrinic.net/court-cases>> for reference.
Then, several years will be lost if we wait Mauritius court settle the issue. A quick fix for the international internet community can be to abandon AfriNIC and establish, outside of Mauritius, a new entity, which may employ current AfriNIC employers, recognized by the international internet community. Masataka Ohta
On Aug 28, 2021, at 10:02 , Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
John Curran wrote:
Indeterminate at this time, since a “Freezing Order" issued via ex party hearing doesn’t actually test the strength of the arguments, as the affected party is not present to respond. It is only when the case for the validation of the order is heard that the strength of the arguments could possibly be assessed. Note - the full list of cases filed are here <https://afrinic.net/court-cases <https://afrinic.net/court-cases>> for reference.
I believe John is referring to the original ex parte order. However, this ignores that AFRINIC got a hearing on the merits when they sought a variance to the order. As AFRINIC announced, they did not get the variance they sought, though the judge did grant them access to some limited funds on a one time exceptional basis. Therefore, the implication that the merits have not been evaluated is not entirely true.
Then, several years will be lost if we wait Mauritius court settle the issue.
A quick fix for the international internet community can be to abandon AfriNIC and establish, outside of Mauritius, a new entity, which may employ current AfriNIC employers, recognized by the international internet community.
I think this would be complicated and that the Mauritius court might take a dim view of the assets fo AFRINIC trying to leave the country in the dead of night to avoid court proceedings. Owen
Owen DeLong wrote:
Then, several years will be lost if we wait Mauritius court settle the issue.
A quick fix for the international internet community can be to abandon AfriNIC and establish, outside of Mauritius, a new entity, which may employ current AfriNIC employers, recognized by the international internet community.
I think this would be complicated
If ICANN is not yet compromised, it should be simple.
and that the Mauritius court might take a dim view of the assets fo AFRINIC trying to leave the country in the dead of night to avoid court proceedings.
I said "abandon AfriNIC". So? Masataka Ohta
I am kind of curious of the ICANN/IANA position on this? On Sat, Aug 28, 2021 at 13:32 Masataka Ohta < mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong wrote:
Then, several years will be lost if we wait Mauritius court settle the issue.
A quick fix for the international internet community can be to abandon AfriNIC and establish, outside of Mauritius, a new entity, which may employ current AfriNIC employers, recognized by the international internet community.
I think this would be complicated
If ICANN is not yet compromised, it should be simple.
and that the Mauritius court might take a dim view of the assets fo AFRINIC trying to leave the country in the dead of night to avoid court proceedings.
I said "abandon AfriNIC". So?
Masataka Ohta
-- Mehmet +1-424-298-1903
Mehmet Akcin wrote:
I am kind of curious of the ICANN/IANA position on this?
https://afrinic.net/history In April 2005, ICANN accredited AFRINIC as the fifth Regional Internet Registry according to criteria defined in its ICP-2 document (criteria for the establishment of regional Internet registries). Masataka Ohta
I feel like some IP troll literally being able to shutter a regional registrar as part of a lawsuit should be a much bigger deal on this group... On Sat, Aug 28, 2021 at 11:49 PM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Mehmet Akcin wrote:
I am kind of curious of the ICANN/IANA position on this?
https://afrinic.net/history In April 2005, ICANN accredited AFRINIC as the fifth Regional Internet Registry according to criteria defined in its ICP-2 document (criteria for the establishment of regional Internet registries).
Masataka Ohta
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
+1 on the "pro" side to keep this topic in focus (even on the NANOG list). The community can not accept a situation where someone successfully stale a RIR in order to max profit (probably on the expense of the other [local] LIRs). I would very much like seeing updates on this matter here. imho, regards Vincentz
Am 29.08.2021 um 09:33 schrieb Mike Hale <eyeronic.design@gmail.com>:
I feel like some IP troll literally being able to shutter a regional registrar as part of a lawsuit should be a much bigger deal on this group...
On Sat, Aug 28, 2021 at 11:49 PM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Mehmet Akcin wrote:
I am kind of curious of the ICANN/IANA position on this?
https://afrinic.net/history In April 2005, ICANN accredited AFRINIC as the fifth Regional Internet Registry according to criteria defined in its ICP-2 document (criteria for the establishment of regional Internet registries).
Masataka Ohta
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On Sun, Aug 29, 2021 at 12:33 PM Vincentz Petzholtz < v.petzholtz@syseleven.de> wrote:
+1 on the "pro" side to keep this topic in focus (even on the NANOG list). The community can not accept a situation where someone successfully stale a RIR in order to max profit
Considering Cloud Innovation contributes peanuts, literally a few thousand dollars as a resource member who figured, it's worthwhile operating a mini-RIR without operating any reasonably Internet Infrastructure anywhere.
(probably on the expense of the other [local] LIRs).
This is actually to the expense of the majority 1800 local LIR's across AFRICA who since the creation of AFRINIC have contributed to the currently frozen coffers through annual membership, and majority of who rightfully operate in Africa and have rightfully continued to support the advancement of the Internet in Africa for the benefit of the continent in the past 20 years that today, the impact of the Internet and communication has brought about fundamental change from a socio-economic perspective. Cheers, Noah
This whole discussion reminds me of the situation the security and vulnerability researchers often face from the corporate overlords. Why is noone talking about the real issue? Namely, how could a RIR be so easily shutdown by the courts with the jurisdiction? Why is this mailing list used to solicit donations for presumably the bigger party, which has evidently lost their day in court so far? How's that within NANOG AUP? Why are we blaming the party who has identified the faults of the system, and used these faults to some perceived advantage? Everyone knows that everyone else has been engaged in IP address arbitrage for a while anyways, how's this instance all that different? Just because it involves AfriNIC presumably many have ignored until now? Just because the smaller party has hired a good lawyer and has had a successful day in court so far? Why is this mailing list used to advocate interruption and termination of service by the cloud providers for unsuspecting third-parties? How convenient that we have courts on our side "usually", yet in this case they aren't, but that's okay, because the Mauritian courts must not be the good ones! Let's just revert to the vigilante system and prevent third-parties not to the dispute from receiving the service just because a "bad guy" happens to be an intermediary facilitator! Don't blame the player, blame the game. I read all these messages in this thread, plus John Curran's 2021-08-27 statement at teamarin.net, and I'm not convinced that the whole crowd going against a single player, who has law on their side so far, is a fair game here. Even more ironic is that John alleges CI couldn't justify an ARIN allocation because "business activities outside of the ARIN service region", only to go on and complain in the very next paragraph about the announcement of the AfriNIC address space from within the United States (i.e., actual proof of use within ARIN service region). It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute. C.
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party. Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief. The same principle applies to someone who innocently accepts counterfeit money. If the Internet community as a whole or significant players therein were to treat these number resources as stolen property fraudulently obtained under false pretenses and stop routing those netblocks, the end users would indeed suffer just like the person who unwittingly bought a stolen car or accepted a counterfeit bill. The end user would pursue recourse against the party who rented or sold the fraudulently obtained netblocks and the business model of obtaining number resources under false pretenses solely to rent or resell at a profit would collapse. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On 29/08/2021, Jay Hennigan <jay@west.net> wrote:
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party.
Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief.
The same principle applies to someone who innocently accepts counterfeit money.
If the Internet community as a whole or significant players therein were to treat these number resources as stolen property fraudulently obtained under false pretenses and stop routing those netblocks, the end users would indeed suffer just like the person who unwittingly bought a stolen car or accepted a counterfeit bill. The end user would pursue recourse against the party who rented or sold the fraudulently obtained netblocks and the business model of obtaining number resources under false pretenses solely to rent or resell at a profit would collapse.
But it is up to the courts to decide whether or not the property was obtained under false pretences. The situation is more akin to buying a car from an authorised dealer, and then the dealer having a dispute with the manufacturer, or the manufacturer having a dispute with a supplier. A business dispute doesn't suddenly make the item you have the title for to be stolen property, now does it? What you're advocating for is hiring a hitman to take care of the problem outside of the justice system, to take things by force which are not yours for the taking, just because you don't like the business authorised dealers are in. Please don't; the courts are already looking into the business dispute. Plus, you keep ignoring the fact that everyone else is already reselling IP address space from other RIRs, why is Cloud Innovation Ltd and AfriNIC space resale suddenly treated differently here? Please have some respect for the Mauritian court that's already handling this business dispute. It sounds like the whole situation with the asset freeze could have been avoided had AfriNIC not engaged in contempt of court to start with; surely having more contempt of court is not the solution here, now is it? C.
It sounds like the whole situation with the asset freeze could have been avoided had AfriNIC not engaged in contempt of court to start with; surely having more contempt of court is not the solution here, now is it?
I'm sorry, in what universe is discussing the situation on a mailing list contempt of the Mauritian courts? Please. Also, your facts are incorrect. - CI filed for an injunction to prevent AFRINIC from reclaiming the IPs in question. - AFRINIC was warned by the courts, but did comply with said injunction on July 15th. At that point, the dispute over AFRINIC's policy enforcement action can, and should, have been handled in the courts. If this is as far as it went until the matter was settled in court, I think most all would agree there's not much of an issue/ But what happened next? https://cloudinnovation.org/press-release.html#Attachment-C CI filed an AFFIDAVIT alleging monetary damage allowing them to garnish AFRINIC's assets. An AFFIDAVIT. That's it. It begs an interesting question; how was CI harmed to the tune of $50M USD when , at that point: - AFRINIC was enjoined from terminating CI's membership - AFRINIC was enjoined from reclaiming the IP resources assigned to CI It likely goes to the heart of what we SHOULD care about; CI most likely claimed that the IP blocks were their 'property' and worth $50M, even though the matter of 'is an IP allocation property' is not settled law. We all know that the courts are often far behind technology, so this isn't surprising. By taking this action, CI is clearly trying to kneecap AFRINIC from being able to properly defend itself in court. Again, we should all care about this, because if it becomes legal precedent that 'IP allocations are property of the assignee' , an RIR attempt to reclaim them becomes a much more complex issue that could have wide ranging impact to the system at large, On Sun, Aug 29, 2021 at 11:51 PM Constantine A. Murenin <mureninc@gmail.com> wrote:
On 29/08/2021, Jay Hennigan <jay@west.net> wrote:
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party.
Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief.
The same principle applies to someone who innocently accepts counterfeit money.
If the Internet community as a whole or significant players therein were to treat these number resources as stolen property fraudulently obtained under false pretenses and stop routing those netblocks, the end users would indeed suffer just like the person who unwittingly bought a stolen car or accepted a counterfeit bill. The end user would pursue recourse against the party who rented or sold the fraudulently obtained netblocks and the business model of obtaining number resources under false pretenses solely to rent or resell at a profit would collapse.
But it is up to the courts to decide whether or not the property was obtained under false pretences.
The situation is more akin to buying a car from an authorised dealer, and then the dealer having a dispute with the manufacturer, or the manufacturer having a dispute with a supplier. A business dispute doesn't suddenly make the item you have the title for to be stolen property, now does it?
What you're advocating for is hiring a hitman to take care of the problem outside of the justice system, to take things by force which are not yours for the taking, just because you don't like the business authorised dealers are in. Please don't; the courts are already looking into the business dispute. Plus, you keep ignoring the fact that everyone else is already reselling IP address space from other RIRs, why is Cloud Innovation Ltd and AfriNIC space resale suddenly treated differently here? Please have some respect for the Mauritian court that's already handling this business dispute. It sounds like the whole situation with the asset freeze could have been avoided had AfriNIC not engaged in contempt of court to start with; surely having more contempt of court is not the solution here, now is it?
C.
On Aug 29, 2021, at 12:48 , Jay Hennigan <jay@west.net> wrote:
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party.
Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief.
The same principle applies to someone who innocently accepts counterfeit money.
Sure, but that’s not exactly what happened here. There’s a limit to what I can say, but the already public facts show that: AFRINIC started this fight by threatening to revoke Cloud Innovations address space. Cloud Innovation is disputing this revocation on the basis that it has not violated the RSA, CPM, or Bylaws as they are written. AFRINIC has a history of making up process as they go along and violating their own rules whenever it suits them. AFRINIC has violated court orders and acted in bad faith at virtually every opportunity in this process. As such, I think vigilante action and/or trying this case here on NANOG is probably not the best idea. I realize it’s easy to sympathize with John and he puts forth a good story, but there is more to the story than what John has represented here. Owen
On 8/30/21 08:39, Owen DeLong via NANOG wrote:
As such, I think vigilante action and/or trying this case here on NANOG is probably not the best idea.
Nor is jeopardizing, and probably ruining, the livelihoods of people who have families at home to feed, in a time when jobs are scarce and dwindling. Mark.
On Mon, Aug 30, 2021 at 3:39 AM Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Aug 29, 2021, at 12:48 , Jay Hennigan <jay@west.net> wrote:
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party.
Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief.
The same principle applies to someone who innocently accepts counterfeit money.
Sure, but that’s not exactly what happened here. There’s a limit to what I can say, but the already public facts show that:
AFRINIC started this fight by threatening to revoke Cloud Innovations address space.
Cloud Innovation is disputing this revocation on the basis that it has not violated the RSA, CPM, or Bylaws as they are written.
AFRINIC has a history of making up process as they go along and violating their own rules whenever it suits them.
Are you saying that there was no AFRINIC policy at allocation time that prevented usage outside Africa ?
AFRINIC has violated court orders and acted in bad faith at virtually every opportunity in this process.
Nope, see Tom's message right before this one.
As such, I think vigilante action and/or trying this case here on NANOG is probably not the best idea. I realize it’s easy to sympathize with John and he puts forth a good story, but there is more to the story than what John has represented here.
It's not just John as you have seen by now. And besides the case merits, the main issue is CI trying to win by suffocation. And that's why carpet bombing those IP blocks might be needed so the next scumbag doesn't try the same trick with someone else. Rubens
On Aug 30, 2021, at 06:30, Rubens Kuhl <rubensk@gmail.com> wrote:
On Mon, Aug 30, 2021 at 3:39 AM Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Aug 29, 2021, at 12:48 , Jay Hennigan <jay@west.net> wrote:
On 8/29/21 11:42, Constantine A. Murenin wrote:
It would seem reasonable to leave the whole issue up to the courts, instead of engaging in contempt of foreign courts, and to stop the vigilante justice against any of the parties, especially the end users who are not even a party to this whole dispute.
The end users are an indirect party.
Assume someone were in the business of stealing cars, forging their titles, and selling them to innocent third parties. A police officer pulling someone over for speeding might compare the VIN on the title to that on the car and discover that it was stolen. The stolen property would be returned to its owner and the end user purchaser would be out of luck other than having recourse against the thief.
The same principle applies to someone who innocently accepts counterfeit money.
Sure, but that’s not exactly what happened here. There’s a limit to what I can say, but the already public facts show that:
AFRINIC started this fight by threatening to revoke Cloud Innovations address space.
Cloud Innovation is disputing this revocation on the basis that it has not violated the RSA, CPM, or Bylaws as they are written.
AFRINIC has a history of making up process as they go along and violating their own rules whenever it suits them.
Are you saying that there was no AFRINIC policy at allocation time that prevented usage outside Africa ?
Not only then, but now as well. The only such policy in the CPM is enshrined within the soft landing policy and applies only to registrations made after exhaustion phase 1 started.
AFRINIC has violated court orders and acted in bad faith at virtually every opportunity in this process.
Nope, see Tom's message right before this one.
The court ordered AFRINIC to reinstate cloud innovation on the 13th. They deliberately delayed until the 15th hoping to win a hearing that morning. They did not get what they wanted, instead being admonished by the judge.
As such, I think vigilante action and/or trying this case here on NANOG is probably not the best idea. I realize it’s easy to sympathize with John and he puts forth a good story, but there is more to the story than what John has represented here.
It's not just John as you have seen by now. And besides the case merits, the main issue is CI trying to win by suffocation. And that's why carpet bombing those IP blocks might be needed so the next scumbag doesn't try the same trick with someone else.
This is neither a fair nor accurate portrayal of the situation. Further, by acting as it had, AFRINIC was the one which tried to suffocate CI first. You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy. If the community doesn’t like that fact, there is a process to change the policies. Terminating a member based on rules which don’t actually exist, on the other hand sets a very dangerous and corrupt precedent and is a threat to the trust we all want to have in the RIR system. Owen
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
This is neither a fair nor accurate portrayal of the situation. Further, by acting as it had, AFRINIC was the one which tried to suffocate CI first.
Yeah... look ma, he started it...
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy. If the community doesn’t like that fact, there is a process to change the policies. Terminating a member based on rules which don’t actually exist, on the other hand sets a very dangerous and corrupt precedent and is a threat to the trust we all want to have in the RIR system.
AFRINIC were stopped from revoking the space. End of. Move on to the next thing that does not spite your face. But alas, the next thing - as you rightly say, to fix this via policy or some other consensus-based method - is not possible because the very organization for which the policies must be designed isn't sure if it will be working the next minute. The logic is sound. Mark.
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity. But hey, you have to eat. Mark.
NANOG Mail list users, This thread has had a few twists and turns, as well as ups and downs. So I am taking a moment on behalf of the admins to remind everyone here of the Usage Guidelines <https://www.nanog.org/resources/nanog-mailing-list/usage-guidelines/>. First and foremost - please report to admins@nanog.org <mailto:admins@nanog.org> a concern about violation of the guidelines. Using the list to argue about violations is not appropriate. Secondly - there have been entirely too many messages in this thread that are in violation of guideline number 6, specifically with comments that are defamatory, abusive, or lack respect for other participants. Finally - the NANOG mail list is not the place to conduct a trial. (See guidelines number 8.) Should you have any questions/concerns about this reminder, please send a message to admins@nanog.org <mailto:admins@nanog.org> Valerie Wittkop Program Director vwittkop@nanog.org | +1 734-730-0225 (mobile) | www.nanog.org NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
Please be mindful of usage guideline number 6 - Behavior or posts that are defamatory, abusive, profane, threatening, or include foul language, character assassination, and lack of respect for other participants are prohibited. Valerie Wittkop Program Director vwittkop@nanog.org | +1 734-730-0225 (mobile) | www.nanog.org NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 10:44 AM, Mark Tinka <mark@tinka.africa> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
But hey, you have to eat.
Mark.
My apologies to Mark - I sent a message in error to the full list that should have been sent privately. Valerie Wittkop Program Director vwittkop@nanog.org | +1 734-730-0225 (mobile) | www.nanog.org NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 11:17 AM, Valerie Wittkop <vwittkop@nanog.org> wrote:
Please be mindful of usage guideline number 6 - Behavior or posts that are defamatory, abusive, profane, threatening, or include foul language, character assassination, and lack of respect for other participants are prohibited.
Valerie Wittkop Program Director vwittkop@nanog.org <mailto:vwittkop@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org/> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 10:44 AM, Mark Tinka <mark@tinka.africa <mailto:mark@tinka.africa>> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
But hey, you have to eat.
Mark.
No stress, Valerie. I kind of new it was borderline. I mean no disrespect. It just irks me that non-African entities are coming into Africa to cause unnecessary and unneeded problems, for Africa. Mark. On 8/30/21 17:17, Valerie Wittkop wrote:
My apologies to Mark -
I sent a message in error to the full list that should have been sent privately.
Valerie Wittkop Program Director vwittkop@nanog.org <mailto:vwittkop@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 11:17 AM, Valerie Wittkop <vwittkop@nanog.org <mailto:vwittkop@nanog.org>> wrote:
Please be mindful of usage guideline number 6 - Behavior or posts that are defamatory, abusive, profane, threatening, or include foul language, character assassination, and *lack of respect *for other participants are prohibited.
Valerie Wittkop Program Director vwittkop@nanog.org <mailto:vwittkop@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org/> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 10:44 AM, Mark Tinka <mark@tinka.africa <mailto:mark@tinka.africa>> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
But hey, you have to eat.
Mark.
No stress, Valerie. I kind of knew it was borderline. I mean no disrespect. It just irks me that non-African entities are coming into Africa to cause unnecessary and unneeded problems, for Africa. Mark. On 8/30/21 17:17, Valerie Wittkop wrote:
My apologies to Mark -
I sent a message in error to the full list that should have been sent privately.
Valerie Wittkop Program Director vwittkop@nanog.org <mailto:vwittkop@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 11:17 AM, Valerie Wittkop <vwittkop@nanog.org <mailto:vwittkop@nanog.org>> wrote:
Please be mindful of usage guideline number 6 - Behavior or posts that are defamatory, abusive, profane, threatening, or include foul language, character assassination, and *lack of respect *for other participants are prohibited.
Valerie Wittkop Program Director vwittkop@nanog.org <mailto:vwittkop@nanog.org> | +1 734-730-0225 (mobile) | www.nanog.org <http://www.nanog.org/> NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Aug 30, 2021, at 10:44 AM, Mark Tinka <mark@tinka.africa <mailto:mark@tinka.africa>> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
But hey, you have to eat.
Mark.
On Aug 30, 2021, at 07:44 , Mark Tinka <mark@tinka.africa> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
Yes… Because it is permitted by the rules as they exist. Just as I would fight for the rights of those I disagree with to express their views in the US under the first amendment rights granted by the US Constitution. If one is to believe in the rule of law, one must not attempt to distort the law to punish those you do not like if they are compliant with the law. Instead, work through the legitimate processes as they exist to change the laws. There are a variety of possible ways in which the AFRINIC community could develop legitimate policies which would be problematic for the business model of Cloud Innovation (or at least require some changes to their business practices). However, no such policy has yet come to consensus and attempting to inflict policies which don’t exist on any resource member and revoke that member’s resources according to said non-existent policies is just plain wrong. As I have stated before, I think that AFRINIC’s willing to engage in practices not supported by the bylaws, CPM, or RSA is the greater threat to the RIR system, so I oppose AFRINIC on that basis. Quite literally, IMHO, in the interests of this very community. I get that it’s popular to dislike Lu. He’s not a particularly likable guy at first blush. He’s arrogant, profit focused, and comes from a non-technical business background. But this isn’t a popularity contest. This is about the very soul of the AFRINIC and whether we want an organization that operates according to its governing documents, or one which substitutes the ideology and judgment of its staff in place of the guidance from the community in order to carry out a vendetta against a member that is unpopular. So yes, I continue to work for and support Lu in this capacity because in this case, I believe AFRINIC has overstepped its mandate and acted contrary to its own policies and bylaws as they are written. I am standing up for what I believe to be right, even though I don’t particularly like the side that puts me on in this case. I tried my best to make this clear before things escalated. I did everything I could to avert this escalation, but I faced even more problematic egos on the AFRINIC side than on the Cloud Innovation side. I am here doing what I am doing because I have ethics and morals. Because even though I often disagree with Lu, in this case, he happens to be right and AFRINIC must not be allowed to act so irresponsibly in this matter. Owen
Owen, On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org> wrote:
On Aug 30, 2021, at 07:44 , Mark Tinka <mark@tinka.africa> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
Yes… Because it is permitted by the rules as they exist.
Cloud Innovation your employer is in the business of leasing IPv4 addresses in Asia, USA and Europe etc. AFRINIC has never permitted this and Ashil from AFRINIC publicly stated as such in the below archived thread. https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.h... You always claim policy blah blah blah in your defence of Cloud Innovation Ltd and Larus business model. But there it is. AFRINIC has never approved any IPv4 space for purposes of leasing them for money as through they were a product. Noah
On Aug 30, 2021, at 16:19 , Noah <noah@neo.co.tz> wrote:
Owen,
On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
On Aug 30, 2021, at 07:44 , Mark Tinka <mark@tinka.africa> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
Yes… Because it is permitted by the rules as they exist.
Cloud Innovation your employer is in the business of leasing IPv4 addresses in Asia, USA and Europe etc.
Not my employer, my client.
AFRINIC has never permitted this and Ashil from AFRINIC publicly stated as such in the below archived thread.
Yet their policies do not prohibit it. If you can find someplace where it is actually documented as a violation of policy, then by all means, provide that, but you have so far failed to do so despite repeatedly bringing up this argument. It’s simply not sufficient to say “they never allowed this” if it’s not prohibited by actual policy.
https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.h... <https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.html>
You always claim policy blah blah blah in your defence of Cloud Innovation Ltd and Larus business model.
But there it is. AFRINIC has never approved any IPv4 space for purposes of leasing them for money as through they were a product.
Except that they have and do every day… ISPs all lease IPv4 space for money. That’s what they do with them. They certainly don’t use them exclusively on their own networks… They lease them to their customers. The key difference between the majority of them and Cloud Innovation is that most of them also include connectivity service in the lease and/or provide the lease in conjunction with some form of connectivity service. However, there’s nothing in the policy manual or the bylaws to support a requirement that leasing and connectivity be tied to each other. Owen
On Tue, 31 Aug 2021, 03:08 Owen DeLong, <owen@delong.com> wrote:
On Aug 30, 2021, at 16:19 , Noah <noah@neo.co.tz> wrote:
Owen,
On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org> wrote:
On Aug 30, 2021, at 07:44 , Mark Tinka <mark@tinka.africa> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
Yes… Because it is permitted by the rules as they exist.
Cloud Innovation your employer is in the business of leasing IPv4 addresses in Asia, USA and Europe etc.
Not my employer, my client.
AFRINIC has never permitted this and Ashil from AFRINIC publicly stated as such in the below archived thread.
Yet their policies do not prohibit it.
AFRINIC policies are developed by the community in-line with AFRINIC constitution and related RSA is signed by resource members in-line with the AFRINIC constitution which enshrines the objectives of AFRINIC as the RIR for Africa region. If you can find someplace where it is actually documented as a violation of
policy, then by all means, provide that, but you have so far failed to do so despite repeatedly bringing up this argument.
I will quote from the AFRINIC bylaws (constution) here https://afrinic.net/bylaws/ 3.4) The Company shall have, both within and outside the Republic of Mauritius, full capacity to carry and/or undertake any business or activity, including but not limited to the following objects: 1. to provide the service of allocating and registering Internet resources for the purposes of enabling communications via open system network protocols and to assist in the development and growth of the Internet in the African region; 2. to promote the representation of AFRINIC membership and the Internet community of the African region by ensuring open and transparent communication and consensus-driven decision-making processes; 3. to promote responsible management of Internet resources throughout the African region, as well as the responsible development and operation of Internet infrastructures;
It’s simply not sufficient to say “they never allowed this” if it’s not prohibited by actual policy.
Allocation policies are such that resource members abide by the AFRINIC constitution. See above section 3.4 and the relevant subsections that refer to management of number resource in reference to Africa region.
https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.h...
You always claim policy blah blah blah in your defence of Cloud Innovation Ltd and Larus business model.
But there it is. AFRINIC has never approved any IPv4 space for purposes of leasing them for money as through they were a product.
Except that they have and do every day… ISPs all lease IPv4 space for money. That’s what they do with them. They certainly don’t use them exclusively on their own networks… They lease them to their customers.
AFRINIC has never approved IPv4 for purposes of leasing. There is a public statement to this effect.
The key difference between the majority of them and Cloud Innovation is that most of them also include connectivity service in the lease and/or provide the lease in conjunction with some form of connectivity service. However, there’s nothing in the policy manual or the bylaws to support a requirement that leasing and connectivity be tied to each other.
What justification did Cloud Innovation provide to AFRINIC when requesting for those millions of IPs? Cheers Noah
Owen
On Aug 31, 2021, at 00:44 , Noah <noah@neo.co.tz> wrote:
On Tue, 31 Aug 2021, 03:08 Owen DeLong, <owen@delong.com <mailto:owen@delong.com>> wrote:
On Aug 30, 2021, at 16:19 , Noah <noah@neo.co.tz <mailto:noah@neo.co.tz>> wrote:
Owen,
On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
On Aug 30, 2021, at 07:44 , Mark Tinka <mark@tinka.africa <mailto:mark@tinka.africa>> wrote:
On 8/30/21 16:19, Owen DeLong via NANOG wrote:
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy.
And yet you continue to work for and support him in this capacity.
Yes… Because it is permitted by the rules as they exist.
Cloud Innovation your employer is in the business of leasing IPv4 addresses in Asia, USA and Europe etc.
Not my employer, my client.
AFRINIC has never permitted this and Ashil from AFRINIC publicly stated as such in the below archived thread.
Yet their policies do not prohibit it.
AFRINIC policies are developed by the community in-line with AFRINIC constitution and related RSA is signed by resource members in-line with the AFRINIC constitution which enshrines the objectives of AFRINIC as the RIR for Africa region.
Yes. And currently, those policies do not prohibit or place any limitations on out of region use except those enshrined in the soft landing policy. An attempt was made to create a policy several years ago to prohibit or restrict out of region use. That proposal did not receive general support from the community and was eventually withdrawn by the author.
If you can find someplace where it is actually documented as a violation of policy, then by all means, provide that, but you have so far failed to do so despite repeatedly bringing up this argument.
I will quote from the AFRINIC bylaws (constution) here https://afrinic.net/bylaws/ <https://afrinic.net/bylaws/> 3.4) The Company shall have, both within and outside the Republic of Mauritius, full capacity to carry and/or undertake any business or activity, including but not limited to the following objects:
to provide the service of allocating and registering Internet resources for the purposes of enabling communications via open system network protocols and to assist in the development and growth of the Internet in the African region; to promote the representation of AFRINIC membership and the Internet community of the African region by ensuring open and transparent communication and consensus-driven decision-making processes; to promote responsible management of Internet resources throughout the African region, as well as the responsible development and operation of Internet infrastructures;
Yes:
to provide the service of allocating and registering Internet resources for the purposes of enabling communications via open system network protocols
Which covers what Cloud Innovation is doing, so is allowed by the bylaws…
and to assist in the development and growth of the Internet in the African region; This creates an additional capability for AFRINIC, but in no way imposes a restriction on its members.
The same can be said of clauses 2 and 3. As written, this section of the bylaws is clearly written to define the key obligations and responsibilities of the company (AFRINIC). Other than possibly the first item, as covered above, there is nothing here which restricts or inhibits the conduct of AFRINIC’s members.
It’s simply not sufficient to say “they never allowed this” if it’s not prohibited by actual policy.
Allocation policies are such that resource members abide by the AFRINIC constitution.
Yes… Which Cloud Innovation has done.
See above section 3.4 and the relevant subsections that refer to management of number resource in reference to Africa region.
As I have shown, section 3.4 does not impose the restrictions you appear to think it does. The plain text reading of the language in section 3.4 is the obligations and/or duties imposed on AFRINIC. It does not extend those obligations or duties to AFRINIC’s members.
https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.h... <https://lists.afrinic.net/pipermail/community-discuss/2021-February/003907.html>
You always claim policy blah blah blah in your defence of Cloud Innovation Ltd and Larus business model.
But there it is. AFRINIC has never approved any IPv4 space for purposes of leasing them for money as through they were a product.
Except that they have and do every day… ISPs all lease IPv4 space for money. That’s what they do with them. They certainly don’t use them exclusively on their own networks… They lease them to their customers.
AFRINIC has never approved IPv4 for purposes of leasing. There is a public statement to this effect.
Yes. Nonetheless, it does not change the fact that every LIR that is a resource member of AFRINIC leases IPV4 addresses every day, nor does it change the fact that every allocation AFRINIC has ever issued to any LIR has been for the purpose of leasing them to customers. It’s just one of many false public statements made by AFRINIC staff in the past several years. Owen
]
AFRINIC has never approved IPv4 for purposes of leasing. There is a public statement to this effect.
Yes. Nonetheless, it does not change the fact that every LIR that is a resource member of AFRINIC leases IPV4 addresses every day, nor does it change the fact that every allocation AFRINIC has ever issued to any LIR has been for the purpose of leasing them to customers. It’s just one of many false public statements made by AFRINIC staff in the past several years.
And yet, you still haven't answered whether the IPv4 application was made informing AfriNIC that no connectivity services would be provided. Rubens
On Mon, 2021-08-30 at 16:08 -0700, Owen DeLong via NANOG wrote:
I am here doing what I am doing because I have ethics and morals. Because even though I often disagree with Lu, in this case, he happens to be right and AFRINIC must not be allowed to act so irresponsibly in this matter.
Owen
Amen. Sucks to be moral. But at the end of the day, you have to go to sleep and say I did what was moral. To me, that is NANOG.
Owen On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org> wrote:
So yes, I continue to work for and support Lu in this capacity because in this case, I believe AFRINIC has overstepped its mandate
If you believe, then we leave it at that. Its beliefs. and acted contrary to its own policies and bylaws as they are written. AFRINIC has never approved IPv4 for the purpose of leasing them as some product in the manner in which your employer Larus/CIL does. This is why, both you and Lu have been asked a simple question which is... Is the purpose for which you are using the IPs today (leasing them for a dollar), the same purpose for which your justified the needs when you first applied for them from AFRINIC? Yes or No? Noah
On Aug 30, 2021, at 16:32 , Noah <noah@neo.co.tz> wrote:
Owen
On Tue, 31 Aug 2021, 02:10 Owen DeLong via NANOG, <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
So yes, I continue to work for and support Lu in this capacity because in this case, I believe AFRINIC has overstepped its mandate
If you believe, then we leave it at that. Its beliefs.
Sigh… I’m not sure why so many on your side get wrapped up in this word believe as if it is somehow exclusive to religion. Pick whichever of the following leading works for you: I am convinced that: It is my opinion that: The facts show that: A plaintext reading of the AFRINIC governing documents shows that: []: AFRINIC has overstepped its mandate and acted contrary to its own policies and bylaws as they are written.
AFRINIC has never approved IPv4 for the purpose of leasing them as some product in the manner in which your employer Larus/CIL does.
You continue to call Cloud Innovation my employer… They are my Client, not my employer. AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR. Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services. However, there’s no such policy requirement in the AFRINIC governing documents. Owen
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services.
Which is why CI informed AfriNIC in their request that they were going to have no network and provide connectivity-less services to CI customers, right ?
However, there’s no such policy requirement in the AFRINIC governing documents.
All RIRs were subject to RFC 2050, now RFC 7020, which states: "1) Allocation Pool Management: Due to the fixed lengths of IP addresses and AS numbers, the pools from which these resources are allocated are finite. As such, allocations must be made in accordance with the operational needs of those running the networks that make use of these number resources and by taking into consideration pool limitations at the time of allocation." If there is no network, there is no use of such number resources. Rubens
On Aug 30, 2021, at 18:00 , Rubens Kuhl <rubensk@gmail.com> wrote:
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services.
Which is why CI informed AfriNIC in their request that they were going to have no network and provide connectivity-less services to CI customers, right ?
However, there’s no such policy requirement in the AFRINIC governing documents.
All RIRs were subject to RFC 2050, now RFC 7020, which states: "1) Allocation Pool Management: Due to the fixed lengths of IP addresses and AS numbers, the pools from which these resources are allocated are finite. As such, allocations must be made in accordance with the operational needs of those running the networks that make use of these number resources and by taking into consideration pool limitations at the time of allocation."
If there is no network, there is no use of such number resources.
This is a clear misreading of RFC-2050 and later RFC-7020. No RIR is subject to them. They are purported to, I quote: This document provides information about the current Internet Numbers Registry System used in the distribution of globally unique Internet Protocol (IP) address space and autonomous system (AS) numbers. This document also provides information about the processes for further evolution of the Internet Numbers Registry System. This document replaces RFC 2050 <https://datatracker.ietf.org/doc/html/rfc2050>. This document does not propose any changes to the current Internet Numbers Registry System. Rather, it documents the Internet Numbers Registry System as it works today. As such, errata notwithstanding (for example, it misleadingly claims that multi-regional entities interact with multiple RIRs which is only sometimes true), RFC-7020 can’t be cited as imposing any rules upon RIRs and any case where its content differs from current reality represents errata in the RFC and not misconduct by the RIR or its members or customers. Owen
On Mon, 30 Aug 2021, Owen DeLong via NANOG wrote:
On Aug 30, 2021, at 18:00 , Rubens Kuhl <rubensk@gmail.com> wrote:
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services.
Which is why CI informed AfriNIC in their request that they were going to have no network and provide connectivity-less services to CI customers, right ?
However, there’s no such policy requirement in the AFRINIC governing documents.
Sorry...I haven't been keeping up with all the messages in this thread, but assuming it's not already been brought up, what about this, which has been in the AfriNIC CPM since v0.1 (i.e. the beginning): "5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region." I ran into issues years ago, trying to do an additional allocation request with ARIN, only to be told that usage of ARIN-allocated resources out-of-region did not count toward utilization due to some very vague language in the NRPM section 2.2 leading to the "invention" of unwritten policy. The issue with out of region use of ARIN-allocated resources was eventually resolved with a NRPM section being added explicitly allowing it. AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
From what I've read, Cloud Innovation primarily uses their AfriNIC IP resources out of region. How they managed to get a couple of /11s and /12s from AfriNIC seems to be a massive failure on the part of AfriNIC's staff, or did their business model radically change after so much space had been allocated?
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Aug 31, 2021, at 08:40 , Jon Lewis <jlewis@lewis.org> wrote:
On Mon, 30 Aug 2021, Owen DeLong via NANOG wrote:
On Aug 30, 2021, at 18:00 , Rubens Kuhl <rubensk@gmail.com> wrote:
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services. Which is why CI informed AfriNIC in their request that they were going to have no network and provide connectivity-less services to CI customers, right ?
However, there’s no such policy requirement in the AFRINIC governing documents.
Sorry...I haven't been keeping up with all the messages in this thread, but assuming it's not already been brought up, what about this, which has been in the AfriNIC CPM since v0.1 (i.e. the beginning):
"5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region."
That’s part of the soft landing policy and applies only to prefixes issued by AFRINIC after the beginning of exhaustion phase 1. It has been in the CPM since its first version, but the CPM is a relatively recent phenomenon at AFRINIC, having had scattered policy documents containing each adopted policy prior to that.
I ran into issues years ago, trying to do an additional allocation request with ARIN, only to be told that usage of ARIN-allocated resources out-of-region did not count toward utilization due to some very vague language in the NRPM section 2.2 leading to the "invention" of unwritten policy. The issue with out of region use of ARIN-allocated resources was eventually resolved with a NRPM section being added explicitly allowing it.
Correct.
AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
Try again. AFRINIC’s soft landing policy is not at all vague about prefixes issued after soft landing exhaustion phase 1 began. This does not apply to any of the prefixes issued to Cloud Innovation.
From what I've read, Cloud Innovation primarily uses their AfriNIC IP resources out of region. How they managed to get a couple of /11s and /12s from AfriNIC seems to be a massive failure on the part of AfriNIC's staff, or did their business model radically change after so much space had been allocated?
Their business model has had to radically change to adapt to radically changing circumstances in the marketplace where they started. Owen
----- On Aug 31, 2021, at 8:40 AM, Jon Lewis jlewis@lewis.org wrote: Hi, [ I'm not affiliated with CI in any way, just playing the Devil's Advocate ]
"5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region."
AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
In all fairness, that is as ambiguous as it can be. What constitutes "support of connectivity back to the AfriNIC region"? It's easy to argue that CI is in full compliance with that since their assignment supports connectivity between users in Africa and their clients' services. In that case, only IP space used outside of Africa not advertised to the internet would be in violation. I'm not saying this is how it /should/ be read, I'm just saying that a plain text analysis of that section is not very restrictive. Now, obviously, most people on this list will agree with the assessment that, nicely put, CI is not complying with the /spirit/ of the policy. We all know why that language exists. So, as far as I can see now, this is a classical case of "you're not wrong, you're just an a^H^H^H^H^H^H". But again, IANAL, yet, and I can't comment on legal matters. In the end, it will be a judge that will rule who is in the wrong. Thanks, Sabri
On Tue, Aug 31, 2021 at 5:28 PM Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 31, 2021, at 8:40 AM, Jon Lewis jlewis@lewis.org wrote:
Hi,
[ I'm not affiliated with CI in any way, just playing the Devil's Advocate ]
"5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region."
AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
In all fairness, that is as ambiguous as it can be. What constitutes "support of connectivity back to the AfriNIC region"?
I can try helping with that: in underserved regions it's not unusual for network services for that population to be physically hosted out of the region. For instance, if you have a hosting service that only accepts South African rands and your language options are Afrikaans and Zulu, you can credibly argue to AfriNIC that you are targeting its service region and are eligible for AfriNIC number resources. But you would need to be upfront with that, including mentioning that your upstreams are not from Africa and your installations won't be in Africa. Otherwise you applied for number resources under false pretenses, and will bear the risk of such. Rubens
----- On Aug 31, 2021, at 1:37 PM, Rubens Kuhl rubensk@gmail.com wrote: Hi Rubens,
On Tue, Aug 31, 2021 at 5:28 PM Sabri Berisha <sabri@cluecentral.net> wrote:
In all fairness, that is as ambiguous as it can be. What constitutes "support of connectivity back to the AfriNIC region"?
I can try helping with that: in underserved regions it's not unusual for network services for that population to be physically hosted out of the region. For instance, if you have a hosting service that only accepts South African rands and your language options are Afrikaans and Zulu, you can credibly argue to AfriNIC that you are targeting its service region and are eligible for AfriNIC number resources.
That is one (fair) interpretation. Also one that I didn't think of.
But you would need to be upfront with that, including mentioning that your upstreams are not from Africa and your installations won't be in Africa. Otherwise you applied for number resources under false pretenses, and will bear the risk of such.
Again, fair enough. And what happens if the same hosting company is struggling and now decides to offer its services to other regions as well? Are they now out of compliance and at risk to have their precious number resources revoked? My point is not that you are wrong (your interpretation of the clause is very reasonable). My point is that different people have a different understanding of the plain language of that clause. And that is assuming that it applies, as I believe that CI is arguing that it does not. When I did my MBA program, I had to take accounting classes. One of the key takeaways for me was the explanation for the need of accounting rules. Imagine two accountants discussing the value of the Golden Gate Bridge. The first accountant will estimate it at $120 million, while the second accountant will say $121 million. Both are fairly reasonable, and very close to each other. However, for accounting purposes, only one value can be used. Which one should be used? A similar issue is, from what I can see, going on here. How does one interpret the AfriNIC region clause? You come across as a very reasonable person, and I like to think that I am, too. Yet we have a different initial interpretation of the rules. I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them. Thanks, Sabri
But you would need to be upfront with that, including mentioning that your upstreams are not from Africa and your installations won't be in Africa. Otherwise you applied for number resources under false pretenses, and will bear the risk of such.
Again, fair enough. And what happens if the same hosting company is struggling and now decides to offer its services to other regions as well? Are they now out of compliance and at risk to have their precious number resources revoked?
If they will provide services to both the original region and different regions, they should apply to number resources from a region that does not have such restrictions, like the region where they physically host servers, and divide their provisioning between original regions and alternate regions.
My point is not that you are wrong (your interpretation of the clause is very reasonable). My point is that different people have a different understanding of the plain language of that clause. And that is assuming that it applies, as I believe that CI is arguing that it does not.
And they might have a point there, but I don't see them living up to whatever they wrote in their application for number resources.
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying. I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system. Rubens
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying.
Not to put too fine a point on this, but what human cost? There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were. Everyone else got paid for July. AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system.
Only if they are ever able to be made public, which is a little iffy given the Mauritian court system. It may well be that only the final ruling is able to be made public. Owen
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
It's good that people are still being paid. That being said, while some may have the opinion that AFRINIC's actions have been 'objectionable' , others have the opinion that their actions were justified and proper. Does it not concern you at all that AFRINIC may be forced into a 'settlement' because they cannot access their funds due to a very dubious claim of damages? There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts. On Tue, Aug 31, 2021 at 6:59 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying.
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system.
Only if they are ever able to be made public, which is a little iffy given the Mauritian court system. It may well be that only the final ruling is able to be made public.
Owen
On 9/1/21 13:21, Tom Beecher wrote:
There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts.
One would think... There are many African-based and African-led organizations that would go toe-to-toe with AFRINIC over any number of legal disagreements. But there is not a single African-based and African-led organization that would ever cut off AFRINIC's supply just for their own benefit, or to prove a point. None. I can't even say that it would impose less stress on us, Africans, if it was one of our own shooting ourselves in the foot in this way, because we do not have a culture of going against each other in the way that we are currently witnessing. It's not in our DNA. That a non-African entity and its posse are stumping their feet on the African continent in this way, and making poor people even poorer, is as diseased as it is rotten. Mark.
On Sep 1, 2021, at 5:56 AM, Mark Tinka <mark@tinka.africa> wrote:
On 9/1/21 13:21, Tom Beecher wrote:
There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts.
One would think...
There are many African-based and African-led organizations that would go toe-to-toe with AFRINIC over any number of legal disagreements. But there is not a single African-based and African-led organization that would ever cut off AFRINIC's supply just for their own benefit, or to prove a point. None.
I can't even say that it would impose less stress on us, Africans, if it was one of our own shooting ourselves in the foot in this way, because we do not have a culture of going against each other in the way that we are currently witnessing. It's not in our DNA.
That a non-African entity and its posse are stumping their feet on the African continent in this way, and making poor people even poorer, is as diseased as it is rotten.
As an American, holding legacy ARIN resources, there are times where I disagree with how they do things or how they’ve operated in the past…. However, I’d never be that daft to file a lawsuit against them with the obvious intention of trying to financially ruin/bankrupt them to get what I want, even if I was 100% within the legal right. I’d be internet enemy #1. I’d expect to be the target of nasty shit directed my way. I’d expect my netblocks to be globally black holed to all hell. I’d deserve every bit of it. People have long memories for things like this. I still harbor resentment towards NetSol over their hijacking of all non-existing domains to their site in the 2000s…
REMINDER from the admins… Please ensure your posts are topical, do not go against the Usage Guidelines <https://www.nanog.org/resources/nanog-mailing-list/usage-guidelines/>, and provide for an exchange of technical information and the discussion of specific implementation issues that require cooperation among network service providers. The Mailing List is not an appropriate platform to resolve personal issues, engage in disputes, or file complaints. Also, please ask yourself these three questions before posting - Does my email have operational/technical content? Would I be interested in reading this email? Would 12,864 other Internet engineers want to read this? And in case you missed our first message among the many messages. In this thread: This thread has had a few twists and turns, as well as ups and downs. So I am taking a moment on behalf of the admins to remind everyone here of the Usage Guidelines <https://www.nanog.org/resources/nanog-mailing-list/usage-guidelines/>. First and foremost - please report to admins@nanog.org <mailto:admins@nanog.org> a concern about violation of the guidelines. Using the list to argue about violations is not appropriate. Secondly - there have been entirely too many messages in this thread that are in violation of guideline number 6, specifically with comments that are defamatory, abusive, or lack respect for other participants. Finally - the NANOG mail list is not the place to conduct a trial. (See guidelines number 8.) Should you have any questions/concerns about this reminder, please send a message to admins@nanog.org <mailto:admins@nanog.org> Valerie Wittkop Program Director vwittkop@nanog.org | +1 734-730-0225 (mobile) | www.nanog.org NANOG | 305 E. Eisenhower Pkwy, Suite 100 | Ann Arbor, MI 48108, USA ASN 19230
On Sep 1, 2021, at 04:21 , Tom Beecher <beecher@beecher.cc> wrote:
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
It's good that people are still being paid.
That being said, while some may have the opinion that AFRINIC's actions have been 'objectionable' , others have the opinion that their actions were justified and proper. Does it not concern you at all that AFRINIC may be forced into a 'settlement' because they cannot access their funds due to a very dubious claim of damages?
I don’t think AFRINIC is being forced into anything. They attacked a member on the basis of violations of rules that don’t actually exist. The company retaliated by obtaining an injunction. AFRINIC managed to get the injunction temporarily lifted on a technicality (largely of AFRINIC’s making) and took an opportunity to make an existential attack on the member during that brief window of opportunity. AFRINIC then deliberately dragged their feet on complying with a court order restoring the injunction. As such, no, I’m really not concerned about AFRINIC’s ability to avoid settling and I utterly reject the idea that the claim of damages is at all dubious.
There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts.
Agreed. Please review the recent conduct of the AFRINIC board in detail in this context. Owen
On Tue, Aug 31, 2021 at 6:59 PM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying.
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system.
Only if they are ever able to be made public, which is a little iffy given the Mauritian court system. It may well be that only the final ruling is able to be made public.
Owen
They attacked a member on the basis of violations of rules that don’t actually exist.
You continually refer to AFRINIC's actions as an 'attack'. However, that would seem to be an open question of law , which AFRINIC cannot litigate because they're have no access to their money. On Wed, Sep 1, 2021 at 3:40 PM Owen DeLong <owen@delong.com> wrote:
On Sep 1, 2021, at 04:21 , Tom Beecher <beecher@beecher.cc> wrote:
AFRINIC has received clearance of enough money to cover their normal
expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
It's good that people are still being paid.
That being said, while some may have the opinion that AFRINIC's actions have been 'objectionable' , others have the opinion that their actions were justified and proper. Does it not concern you at all that AFRINIC may be forced into a 'settlement' because they cannot access their funds due to a very dubious claim of damages?
I don’t think AFRINIC is being forced into anything. They attacked a member on the basis of violations of rules that don’t actually exist. The company retaliated by obtaining an injunction. AFRINIC managed to get the injunction temporarily lifted on a technicality (largely of AFRINIC’s making) and took an opportunity to make an existential attack on the member during that brief window of opportunity. AFRINIC then deliberately dragged their feet on complying with a court order restoring the injunction.
As such, no, I’m really not concerned about AFRINIC’s ability to avoid settling and I utterly reject the idea that the claim of damages is at all dubious.
There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts.
Agreed. Please review the recent conduct of the AFRINIC board in detail in this context.
Owen
On Tue, Aug 31, 2021 at 6:59 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying.
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system.
Only if they are ever able to be made public, which is a little iffy given the Mauritian court system. It may well be that only the final ruling is able to be made public.
Owen
On Sep 1, 2021, at 13:30 , Tom Beecher <beecher@beecher.cc> wrote:
They attacked a member on the basis of violations of rules that don’t actually exist.
You continually refer to AFRINIC's actions as an 'attack'. However, that would seem to be an open question of law , which AFRINIC cannot litigate because they're have no access to their money.
Apparently this isn’t an issue for them as they are, in fact, litigating it and have managed to hire the most expensive law firm in Mauritius to do so. Until they went looking for other excuses, their attack was based primarily on accusations that out of region use was not permitted. All of the resources in question were issued prior to activation of the Soft Landing (5.4) policy, so 5.4.6.2 does not apply. If you can find some other place in the CPM that prohibits such, then by all means, let me know. If you cannot, then I think the openness of that question is rather limited. Owen
On Wed, Sep 1, 2021 at 3:40 PM Owen DeLong <owen@delong.com <mailto:owen@delong.com>> wrote:
On Sep 1, 2021, at 04:21 , Tom Beecher <beecher@beecher.cc <mailto:beecher@beecher.cc>> wrote:
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
It's good that people are still being paid.
That being said, while some may have the opinion that AFRINIC's actions have been 'objectionable' , others have the opinion that their actions were justified and proper. Does it not concern you at all that AFRINIC may be forced into a 'settlement' because they cannot access their funds due to a very dubious claim of damages?
I don’t think AFRINIC is being forced into anything. They attacked a member on the basis of violations of rules that don’t actually exist. The company retaliated by obtaining an injunction. AFRINIC managed to get the injunction temporarily lifted on a technicality (largely of AFRINIC’s making) and took an opportunity to make an existential attack on the member during that brief window of opportunity. AFRINIC then deliberately dragged their feet on complying with a court order restoring the injunction.
As such, no, I’m really not concerned about AFRINIC’s ability to avoid settling and I utterly reject the idea that the claim of damages is at all dubious.
There are enough challenges with the internet in Africa to work through already. We shouldn't encourage more difficulties by endorsing strongarm tactics that prevent issues from being properly adjudicated in courts.
Agreed. Please review the recent conduct of the AFRINIC board in detail in this context.
Owen
On Tue, Aug 31, 2021 at 6:59 PM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
That human cost came not from disagreement on the policies and contract provisions, but from a vengeful action of financial bullying.
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
I saw my quota of questionable court decisions to automatically agree with whatever is decided in this case, even if CI loses, but the arguments from both sides will indeed be very interesting and useful to close out loopholes in the system.
Only if they are ever able to be made public, which is a little iffy given the Mauritian court system. It may well be that only the final ruling is able to be made public.
Owen
again, do not be distracted by the rather obvious DoS on this list. our administrative infra is being attacked. defend it by putting your money where your mouth is. https://www.tespok.co.ke/?page_id=14001 i did and will again. randy
On 9/1/21 00:56, Owen DeLong via NANOG wrote:
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
This is rich! Of course, one should expect people to be mentally settled and do good work when they have no security or clarity about whether they will get paid at the end of each month. These aren't robots, mate. People have real thoughts and real feelings. Stress is not intangible... it releases cortisol, which delivers a number of physiological side effects that work against good health. Financial insecurity is just about the worst stress anyone has to deal with. None of us would sleep well if we knew that our source of income is not guaranteed, despite what some may say about "As such, there shouldn't be any problems with salaries..." Mark.
On Sep 1, 2021, at 04:48 , Mark Tinka <mark@tinka.africa> wrote:
On 9/1/21 00:56, Owen DeLong via NANOG wrote:
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
This is rich!
Of course, one should expect people to be mentally settled and do good work when they have no security or clarity about whether they will get paid at the end of each month.
These aren't robots, mate. People have real thoughts and real feelings.
Stress is not intangible... it releases cortisol, which delivers a number of physiological side effects that work against good health. Financial insecurity is just about the worst stress anyone has to deal with.
None of us would sleep well if we knew that our source of income is not guaranteed, despite what some may say about "As such, there shouldn't be any problems with salaries..."
Mark.
Well… I don’t see you calling out the stress and cortisol actions for the various staff and customers of Cloud Innovation or Larus in your postings when AFRINIC first issued an existential threat to their business based on made-up policies that don’t actually exist. As such, I’d argue that AFRINIC attacked a much larger population first. The fact that (at least so far), AFRINIC’s attacks have been less successful than Cloud Innovation’s counter-attacks doesn’t change the fact that if you want to call it out that way, there’s a greater human cost on the other side. Owen
On Wed, 1 Sep 2021, 22:46 Owen DeLong via NANOG, <nanog@nanog.org> wrote:
On Sep 1, 2021, at 04:48 , Mark Tinka <mark@tinka.africa> wrote:
On 9/1/21 00:56, Owen DeLong via NANOG wrote:
Not to put too fine a point on this, but what human cost?
There were exactly 3 employees that AFRINIC wasn’t able to pay in July, including the CEO (who is one of the major protagonists in creating this problem in the first place). I don’t know who the other two were.
Everyone else got paid for July.
AFRINIC has received clearance of enough money to cover their normal expenses for August and September. As such, there shouldn’t be any problems with salaries or “human cost” in those months. Hopefully given that reprieve, cooler heads at AFRINIC can prevail and some form of settlement can be achieved before they run out of money from that reprieve.
This is rich!
Of course, one should expect people to be mentally settled and do good work when they have no security or clarity about whether they will get paid at the end of each month.
These aren't robots, mate. People have real thoughts and real feelings.
Stress is not intangible... it releases cortisol, which delivers a number of physiological side effects that work against good health. Financial insecurity is just about the worst stress anyone has to deal with.
None of us would sleep well if we knew that our source of income is not guaranteed, despite what some may say about "As such, there shouldn't be any problems with salaries..."
Mark.
Well… I don’t see you calling out the stress and cortisol actions for the various staff and customers of Cloud Innovation or Larus in your postings when AFRINIC first issued an existential threat to their business based on made-up policies that don’t actually exist.
Mmmmm see below.
As such, I’d argue that AFRINIC attacked a much larger population first.
You are not being honest Owen. See below an extract from AFRNIC CEO message on the termination of CIL.
<snip> - In order not to disrupt Internet connectivity of the relevant users especially in the current context of the COVID-19 pandemic, all affected users will exceptionally be granted a grace period of 90 days to consider other available options in their best interests. Consequently, the actual reclamation of the relevant number resources will occur following the expiry of the grace period. Eddy Kayihura Chief Executive Officer, African Network Information Centre (AFRINIC) <snip> So how did AFRINIC attack the so called larger population you are claiming about? All Cloud Innovation Ltd clients had been given 90 days to work things out with AFRINIC. Cheers, Noah
On 8/31/21 22:55, Sabri Berisha wrote:
I regret the true human cost that Mark pointed out, yet I am fascinated by the case and the arguments on both sides. The court will have their work cut out for them.
The human cost has nothing to do with the wording of allocation language. That was just pure posturing. Mark.
On 8/31/21 22:37, Rubens Kuhl wrote:
I can try helping with that: in underserved regions it's not unusual for network services for that population to be physically hosted out of the region. For instance, if you have a hosting service that only accepts South African rands and your language options are Afrikaans and Zulu, you can credibly argue to AfriNIC that you are targeting its service region and are eligible for AfriNIC number resources.
But you would need to be upfront with that, including mentioning that your upstreams are not from Africa and your installations won't be in Africa. Otherwise you applied for number resources under false pretenses, and will bear the risk of such.
I believe CI had a small footprint in South Africa in some rack. Certainly nothing that would bother a /29. Mark.
On Tue, 31 Aug 2021, Sabri Berisha wrote:
----- On Aug 31, 2021, at 8:40 AM, Jon Lewis jlewis@lewis.org wrote:
Hi,
[ I'm not affiliated with CI in any way, just playing the Devil's Advocate ]
"5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region."
AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
In all fairness, that is as ambiguous as it can be. What constitutes "support of connectivity back to the AfriNIC region"?
It's easy to argue that CI is in full compliance with that since their assignment supports connectivity between users in Africa and their clients' services. In that case, only IP space used outside of Africa not advertised to the internet would be in violation.
I think any reasonable person would argue "in support of connectivity back to the AFRINIC region." would cover things like providing IP addressing for a network that extends into the AfriNIC region, and not to leasing IPs to random orgs outside the AfriNIC region for use on networks that don't extend into the AfriNIC region. Regardless, I gather from other messages, the issue is CI claims this is a misapplication of policy (or AfriNIC f'd up writing the CPM) and CI claims 5.4.6.2 doesn't apply because their allocations pre-date AfriNIC being down to their final /8. It sure looks to me like this was a major oversight, as 5.4.6.2 doesn't appear to have anything to do with soft landing, but is under the soft landing section of the CPM (which says "This section describes how AFRINIC shall assign...resources during the "Exhaustion Phase"...." ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Aug 31, 2021, at 13:53 , Jon Lewis <jlewis@lewis.org> wrote:
On Tue, 31 Aug 2021, Sabri Berisha wrote:
----- On Aug 31, 2021, at 8:40 AM, Jon Lewis jlewis@lewis.org wrote:
Hi,
[ I'm not affiliated with CI in any way, just playing the Devil's Advocate ]
"5.4.6.2 AFRINIC resources are for AFRINIC service region and any use outside the region should be solely in support of connectivity back to the AFRINIC region."
AfriNIC's policy is not at all vague on the matter that their resources are to be used in or to support connectivity in the AFRINIC region.
In all fairness, that is as ambiguous as it can be. What constitutes "support of connectivity back to the AfriNIC region"?
It's easy to argue that CI is in full compliance with that since their assignment supports connectivity between users in Africa and their clients' services. In that case, only IP space used outside of Africa not advertised to the internet would be in violation.
I think any reasonable person would argue "in support of connectivity back to the AFRINIC region." would cover things like providing IP addressing for a network that extends into the AfriNIC region, and not to leasing IPs to random orgs outside the AfriNIC region for use on networks that don't extend into the AfriNIC region.
Regardless, I gather from other messages, the issue is CI claims this is a misapplication of policy (or AfriNIC f'd up writing the CPM) and CI claims 5.4.6.2 doesn't apply because their allocations pre-date AfriNIC being down to their final /8.
It sure looks to me like this was a major oversight, as 5.4.6.2 doesn't appear to have anything to do with soft landing, but is under the soft landing section of the CPM (which says "This section describes how AFRINIC shall assign...resources during the "Exhaustion Phase"...."
I was present for many of the debates over the soft landing policy. 5.4.6.2 is language that came from that policy proposal and was quite clearly and deliberately intended to be part of that policy and be applied once exhaustion phase 1 was activated. It is not an oversight and it is not an error that it is part of that policy. One might argue that the lack of a more general policy regarding out of region use was an oversight once upon a time, but an effort was made by one community member to get such a policy adopted. There was much vocal opposition and the policy did not achieve consensus in the community. It was ultimately withdrawn by the author per the AFRINIC PDP. Owen
On 8/31/21 22:28, Sabri Berisha wrote:
It's easy to argue that CI is in full compliance with that since their assignment supports connectivity between users in Africa and their clients' services. In that case, only IP space used outside of Africa not advertised to the internet would be in violation.
AFRINIC's intention with that language is that those IP addresses need to be assigned for use by eyeballs and operations in Africa. Of course, the Internet is a two-way street, but the IP addresses from which the traffic is sourced, in this case, need to be used inside the continent of Africa. Mark.
(I'm going to regret this in the morning, but...) On Mon, Aug 30, 2021 at 8:12 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
All of the RIR's do this, yes. Also, yes LIR/ISP allocate space to their customers. That space may never be actually seen on the ISP/LIR network and may never be seen on the greater Internet...
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services.
If you (royal you) were a datacenter operator and allocated ip space to your customers (machines in racks or vms on machines in racks, etc), is there a real difference here if the machines/vms never exposed or used their IP addresses outside if the tiny world they inhabit ? (the rack or machine) The want of unique addressing is not uncommon, the need for this in the face of M&A or other business requirements isn't new. Yes, these addresses may not be used outside of the datacenter, or the rack or the machine, but they are still accounted for in: 1) the RIR (to the LIR) 2) the LIR (to the customer) 3) the customer (on machine/vm) It's a resource that the LIR/datacenter operator must account for, and must have capacity planning bits/pieces in place to handle. I think the discussion about 'with connectivity services' is a bit orthogonal. I also think that if there were such a policy requirement all RIR and LIR would be in violation of that requirement immediately, so I don't imagine that there's going to be one forthcoming.
However, there’s no such policy requirement in the AFRINIC governing documents.
I don't think you can safely deploy a policy like this Owen (which perhaps you mean here as well). -chris
On 30 Aug 2021, at 9:31 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
(I'm going to regret this in the morning, but...)
Perhaps...
On Mon, Aug 30, 2021 at 8:12 PM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
All of the RIR's do this, yes. Also, yes LIR/ISP allocate space to their customers. That space may never be actually seen on the ISP/LIR network and may never be seen on the greater Internet...
Quite correct. The operational need for address space can indeed by “internal”; i.e. not routed on the greater Internet.
Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their connectivity services.
If you (royal you) were a datacenter operator and allocated ip space to your customers (machines in racks or vms on machines in racks, etc), is there a real difference here if the machines/vms never exposed or used their IP addresses outside if the tiny world they inhabit ? (the rack or machine)
The want of unique addressing is not uncommon, the need for this in the face of M&A or other business requirements isn't new. Yes, these addresses may not be used outside of the datacenter, or the rack or the machine, but they are still accounted for in: 1) the RIR (to the LIR) 2) the LIR (to the customer) 3) the customer (on machine/vm)
It's a resource that the LIR/datacenter operator must account for, and must have capacity planning bits/pieces in place to handle.
Also all correct, but I will note that in the above case there is some form of networking services being provided and thus require the use of unique addresses to make it happen. Again, the routing to the greater internet isn’t necessarily a component to having the need for IP address space to provide networking services.
I think the discussion about 'with connectivity services' is a bit orthogonal. I also think that if there were such a policy requirement all RIR and LIR would be in violation of that requirement immediately, so I don't imagine that there's going to be one forthcoming.
You have read “connectivity” to be “routed on the greater Internet” and yet we’re all aware that there are many useful networking services that don’t equate - a broadband connection to one’s home may only route a single IP to the greater Internet, but all the devices inside still benefit from the network service provided. Even if the network service provided is entirely internal, there is still networking involved and thus an operational need for IP address to make such networking work. In the ARIN region, if you request IP address space, we assess that per the community-developed Number Resource Policy Manual, i.e. <https://www.arin.net/participate/policy/nrpm/ <https://www.arin.net/participate/policy/nrpm/>> All assignments are made accordingly to “operational need” even to this day - i.e. you have to have some actual networking requirement if you are to be issued an IP address block, although this doesn’t equate to “must be routed on the public Internet”. Do we have parties who postulate their operational need based on entirely internal services, or services that live within virtual devices in a data center? Sure… and some of these are indeed legitimate and fulfilled per policy. We also have folks who get creative and make similar requests for purposes of obtaining address blocks from ARIN – absent any bona fide networking need –for subsequent monetization and these reviewed, revoked, and can be referred to criminal fraud proceedings. For those who need IP address blocks for their network operation, it’s really not complicated – you can call, email, or chat with the ARIN Helpdesk and we’ll work you through it. I don’t know about the policy in the other region, but can state unequivocally that if you call with the need for IP address space for an actual operational networking situation, we’ll do our best to help you with your request and get it approved based on whatever the policies allow. I can also say that if one's purported operational need for address space is "for reassignment to customers but completely absent any networking service”, then don’t bother applying to ARIN – the policies do not provide for issuance under such circumstances and have never in the ARIN region. FYI, /John John Curran President and CEO American Registry for Internet Numbers
Do we have parties who postulate their operational need based on entirely internal services, or services that live within virtual devices in a data center? Sure… and some of these are indeed legitimate and fulfilled per policy. We also have folks who get creative and make similar requests for purposes of obtaining address blocks from ARIN – absent any bona fide networking need –for subsequent monetization and these reviewed, revoked, and can be referred to criminal fraud proceedings.
Yes, but in the ARIN region, you have also made it very clear that if needs change, ARIN will not attempt to revoke or reclaim space based on that change in need.
For those who need IP address blocks for their network operation, it’s really not complicated – you can call, email, or chat with the ARIN Helpdesk and we’ll work you through it. I don’t know about the policy in the other region, but can state unequivocally that if you call with the need for IP address space for an actual operational networking situation, we’ll do our best to help you with your request and get it approved based on whatever the policies allow. I can also say that if one's purported operational need for address space is "for reassignment to customers but completely absent any networking service”, then don’t bother applying to ARIN – the policies do not provide for issuance under such circumstances and have never in the ARIN region.
OTOH, a GRE tunnel is sufficient to qualify as “networking service” in the ARIN region, so all one needs is the tiniest of fig leaves in front of ones lease to make it work. Owen
On 31 Aug 2021, at 2:23 PM, Owen DeLong <owen@delong.com<mailto:owen@delong.com>> wrote: Do we have parties who postulate their operational need based on entirely internal services, or services that live within virtual devices in a data center? Sure… and some of these are indeed legitimate and fulfilled per policy. We also have folks who get creative and make similar requests for purposes of obtaining address blocks from ARIN – absent any bona fide networking need –for subsequent monetization and these reviewed, revoked, and can be referred to criminal fraud proceedings. Yes, but in the ARIN region, you have also made it very clear that if needs change, ARIN will not attempt to revoke or reclaim space based on that change in need. Owen - ARIN has full authority to revoke number resources based on breach of our Registration Services Agreement (RSA) by a customer. We do exercise that authority with significant caution, but will do so when the situation warrants – and I would expect any other RIR to do the same in enforcing the particular terms of their own RSA agreement. As I understand it, AFRINIC has initiated a rather small number of resource reviews after completion of its most recent database audit – one might argue that they should have initiated more/fewer/none-at-all, but one cannot logically assert that AFRINIC lacks the right to enforce the plain language of their RSA agreement when a review indicates that a breach of that agreement has occurred. You also may not like that the AFRINIC RSA has recipients acknowledging that they are 'bestowed with an exclusive right of use of those number resources within the ambit of the “need” which it has justified in its application and for no other purpose during the currency of the present agreement’, but please recognize that "your client” apparently liked that provision well enough to agree to it in order to receive the address blocks – so there’s really not much more to be said in this regard. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Aug 31, 2021, at 12:17 , John Curran <jcurran@arin.net> wrote:
On 31 Aug 2021, at 2:23 PM, Owen DeLong <owen@delong.com <mailto:owen@delong.com>> wrote:
Do we have parties who postulate their operational need based on entirely internal services, or services that live within virtual devices in a data center? Sure… and some of these are indeed legitimate and fulfilled per policy. We also have folks who get creative and make similar requests for purposes of obtaining address blocks from ARIN – absent any bona fide networking need –for subsequent monetization and these reviewed, revoked, and can be referred to criminal fraud proceedings.
Yes, but in the ARIN region, you have also made it very clear that if needs change, ARIN will not attempt to revoke or reclaim space based on that change in need.
Owen -
ARIN has full authority to revoke number resources based on breach of our Registration Services Agreement (RSA) by a customer. We do exercise that authority with significant caution, but will do so when the situation warrants – and I would expect any other RIR to do the same in enforcing the particular terms of their own RSA agreement.
Agreed. Nonetheless, you have repeatedly stood in front of the community and stated that if the only violation of ARIN policy is insufficient utilization, ARIN will not take action against the organization to revoke or reclaim the resources.
As I understand it, AFRINIC has initiated a rather small number of resource reviews after completion of its most recent database audit – one might argue that they should have initiated more/fewer/none-at-all, but one cannot logically assert that AFRINIC lacks the right to enforce the plain language of their RSA agreement when a review indicates that a breach of that agreement has occurred.
Depending on your definition of rather small. I hear it’s ≥ 1% of all resource holders so far and climbing.
You also may not like that the AFRINIC RSA has recipients acknowledging that they are 'bestowed with an exclusive right of use of those number resources within the ambit of the “need” which it has justified in its application and for no other purpose during the currency of the present agreement’, but please recognize that "your client” apparently liked that provision well enough to agree to it in order to receive the address blocks – so there’s really not much more to be said in this regard.
Please also note that there is a provision further down in the agreement for dealing with modifications as they come up. Whether my client did or did not comply with that provision is a matter for the courts at this point and I can’t comment on the exact nature of that particular issue as a result. However, I think there is adequate public information available to show that there is at least some legitimate dispute as to the facts of whether my client is is or is not in compliance with the RSA. I look forward to the courts decision on the matter as once that comes, I will be able to talk more freely regardless of the outcome. Owen
On 8/31/21 01:08, Owen DeLong wrote:
Just as I would fight for the rights of those I disagree with to express their views in the US under the first amendment rights granted by the US Constitution.
I fail to see how the U.S. Constitution is an applicable example for what CI are doing in Africa.
If one is to believe in the rule of law, one must not attempt to distort the law to punish those you do not like if they are compliant with the law. Instead, work through the legitimate processes as they exist to change the laws.
Well, the law did work. AFRINIC were asked not to revoke the CI space, which they complied with. The distortion, here, is that CI took this matter significantly further, in an effort to cripple AFRINIC from attempting to work through this in any other way. There is no way of sugar-coating it, Owen. It's bad form, and not a humane way of dealing with an asset that requires communal trust capital.
There are a variety of possible ways in which the AFRINIC community could develop legitimate policies which would be problematic for the business model of Cloud Innovation (or at least require some changes to their business practices). However, no such policy has yet come to consensus and attempting to inflict policies which don’t exist on any resource member and revoke that member’s resources according to said non-existent policies is just plain wrong. As I have stated before, I think that AFRINIC’s willing to engage in practices not supported by the bylaws, CPM, or RSA is the greater threat to the RIR system, so I oppose AFRINIC on that basis. Quite literally, IMHO, in the interests of this very community.
None of this matters because the issue was taken to court, and they found in favour of CI. That should have been the end, both sides reset, and play the game another way that does not irresponsibly hurt livelihoods during tough pandemic times. The extra gloating by freezing AFRINIC's operations was totally unnecessary and opportunistic, against an organization that does not have the resources to play the same game at that level. How is that helping anyone, really?
I get that it’s popular to dislike Lu.
I, personally, do not have any thoughts on Lu. I'm too busy trying to build the African Internet.
He’s not a particularly likable guy at first blush. He’s arrogant, profit focused, and comes from a non-technical business background. But this isn’t a popularity contest. This is about the very soul of the AFRINIC and whether we want an organization that operates according to its governing documents, or one which substitutes the ideology and judgment of its staff in place of the guidance from the community in order to carry out a vendetta against a member that is unpopular.
Well, looks like he got the jump on AFRINIC with that "vendetta", then. I don't see him struggling to pay any of this employees so they can have a meal tonight. This will definitely make him much more likeable, less arrogant, and more humane. At the end of the day, what we do on this earth is about people. All this Internet stuff we build is about people, not about itself. While it's easy to condense things into "it's not personal, it's business", that is not real life. In real life, we spend inordinate amounts of personal time building businesses. It's a personal thing. It's a people thing. CI will need the support of people, one day. I hope to be alive to see what happens, on that morning.
So yes, I continue to work for and support Lu in this capacity because in this case, I believe AFRINIC has overstepped its mandate and acted contrary to its own policies and bylaws as they are written. I am standing up for what I believe to be right, even though I don’t particularly like the side that puts me on in this case. I tried my best to make this clear before things escalated. I did everything I could to avert this escalation, but I faced even more problematic egos on the AFRINIC side than on the Cloud Innovation side.
I am here doing what I am doing because I have ethics and morals. Because even though I often disagree with Lu, in this case, he happens to be right and AFRINIC must not be allowed to act so irresponsibly in this matter.
Let me go donate some more to AFRINIC staff, so they can have some bread and water before they put to bed and have to think about tomorrow. I've been out of school for a long time, but when I went there, ethics and morals were not a macro nutrient. Mark.
You may not like Lu and/or his business model. I’m not a fan of his business model myself, but it is technically permitted under existing policy. If the community doesn’t like that fact, there is a process to change the policies. Terminating a member based on rules which don’t actually exist, on the other hand sets a very dangerous and corrupt precedent and is a threat to the trust we all want to have in the RIR system.
I have no problem with business models I don't like, I just don't do business with companies that use those. But this particular scumbag went far beyond that. The net is a living organism, with an immune system as well; if T-cells and lymphocytes are unable to deal with a threat, natural killers come along. Rubens
----- On Aug 30, 2021, at 6:29 AM, Rubens Kuhl rubensk@gmail.com wrote:
And that's why carpet bombing those IP blocks might be needed so the next
entity that ends up with those IP addresses long after CI has gone into oblivion will have its engineers debug odd routing issues for years. We all know that people regularly fail to update their manually entered filters on at least a few of their routers. The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it. Rules... Without them we'd live with the animals.* Thanks, Sabri *(c) John Wick
But to be clear, if this was a simple court case I don't think anyone on this list would have an issue with simply sitting back and letting the court decide. You have to remember though that CI in this case has essentially forced one of the major registrars to virtually shut down. That's a direct attack on the system that is of fundamental importance to the proper running of the Internet. Having the system react strongly to such a threat is entirely understandable. On Mon, Aug 30, 2021 at 10:40 AM Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 30, 2021, at 6:29 AM, Rubens Kuhl rubensk@gmail.com wrote:
And that's why carpet bombing those IP blocks might be needed so the next
entity that ends up with those IP addresses long after CI has gone into oblivion will have its engineers debug odd routing issues for years. We all know that people regularly fail to update their manually entered filters on at least a few of their routers.
The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it.
Rules... Without them we'd live with the animals.*
Thanks,
Sabri
*(c) John Wick
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Um, Mike, no… That’s neither a fair nor accurate characterization of the current situation. AFRINIC has been given access to the equivalent of two months of operating costs from their bank accounts in a recent court ruling, so they are nowhere close to shut down. All of the chicken littles running around claiming otherwise notwithstanding, no, AFRINIC was never actually shut down. Further, the registries are not engaged in the daily operations of the internet. They come into play for adds and changes, primarily and those transactions while important are not generally urgent. Were AFRINIC unable to staff its offices for some period of time, I’m quite certain that the other RIRs would be able to take up those key functions, either by loaning personnel to AFRINIC or by taking over those necessary roles as needed either temporarily or permanently. So while having the system react strongly to such a threat would be understandable, that’s a very overblown and inaccurate characterization of the threat in question. Owen
On Aug 30, 2021, at 11:00 , Mike Hale <eyeronic.design@gmail.com> wrote:
But to be clear, if this was a simple court case I don't think anyone on this list would have an issue with simply sitting back and letting the court decide.
You have to remember though that CI in this case has essentially forced one of the major registrars to virtually shut down. That's a direct attack on the system that is of fundamental importance to the proper running of the Internet. Having the system react strongly to such a threat is entirely understandable.
On Mon, Aug 30, 2021 at 10:40 AM Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 30, 2021, at 6:29 AM, Rubens Kuhl rubensk@gmail.com wrote:
And that's why carpet bombing those IP blocks might be needed so the next
entity that ends up with those IP addresses long after CI has gone into oblivion will have its engineers debug odd routing issues for years. We all know that people regularly fail to update their manually entered filters on at least a few of their routers.
The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it.
Rules... Without them we'd live with the animals.*
Thanks,
Sabri
*(c) John Wick
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On Mon, 30 Aug 2021 16:29:48 -0700 Owen DeLong via NANOG <nanog@nanog.org> wrote:
Further, the registries are not engaged in the daily operations of the internet.
Hi Owen, Your statement above I have to insist is simply incorrect. In addition to the traditional services that are relied upon in a variety of daily operations (e.g. WHOIS, IRR, DNS reverse delegations), the increasingly important RPKI TAs/PPs services are of utmost importance in the daily operations of an increasing number of networks within and outside their region. They are just a different kind of infrastructure service operator than we may be commonly thing of when it comes to network operations. John
It strikes me that ( without pointing at anyone in particular ) that there's a bit of absolutism trending in this conversation. It's possible for many things in this list to be true. - It's possible that AFRINIC may have been following it's policies accurately at the time of the initial allocations,and the current leadership was overstepping their bounds trying to reclaim them. - It's possible that AFRINIC may NOT have been following it's own policies at the time of the initial allocations, and the current leadership is trying to correct those past mistakes. - It's possible that CI accurately represented information to AFRINIC. - It's possible that CI did not. - It's possible that CI has, at all times,been properly in compliance with AFRNIC policies. - It's possible that CI has not. - It's possible that CI may been been following the letter, if not the spirit of the policies. - It's possible that AFRINIC was intentionally delaying restoration of the allocations after the court order. - It's possible that AFRINIC was a little slow to respond, waiting on advice from legal counsel before taking action. I think we could mostly agree that while potentially frustrating ,such things can and have happened in the past,and can and have been rectified. However, where I think we ALL should be able to agree is that CI's garnishment action is exceptionally punitive and out of line. On Mon, Aug 30, 2021 at 10:08 PM John Kristoff <jtk@dataplane.org> wrote:
On Mon, 30 Aug 2021 16:29:48 -0700 Owen DeLong via NANOG <nanog@nanog.org> wrote:
Further, the registries are not engaged in the daily operations of the internet.
Hi Owen,
Your statement above I have to insist is simply incorrect. In addition to the traditional services that are relied upon in a variety of daily operations (e.g. WHOIS, IRR, DNS reverse delegations), the increasingly important RPKI TAs/PPs services are of utmost importance in the daily operations of an increasing number of networks within and outside their region. They are just a different kind of infrastructure service operator than we may be commonly thing of when it comes to network operations.
John
we all, in true nanog tradition, sure do talk a lot. but, to repeat, i put my money where my mouth is. you should too. https://www.tespok.co.ke/?page_id=14001 randy
On 8/31/21 04:42, Tom Beecher wrote:
It strikes me that ( without pointing at anyone in particular ) that there's a bit of absolutism trending in this conversation.
It's possible for many things in this list to be true.
- It's possible that AFRINIC may have been following it's policies accurately at the time of the initial allocations,and the current leadership was overstepping their bounds trying to reclaim them. - It's possible that AFRINIC may NOT have been following it's own policies at the time of the initial allocations, and the current leadership is trying to correct those past mistakes. - It's possible that CI accurately represented information to AFRINIC. - It's possible that CI did not. - It's possible that CI has, at all times,been properly in compliance with AFRNIC policies. - It's possible that CI has not. - It's possible that CI may been been following the letter, if not the spirit of the policies. - It's possible that AFRINIC was intentionally delaying restoration of the allocations after the court order. - It's possible that AFRINIC was a little slow to respond, waiting on advice from legal counsel before taking action.
I think we could mostly agree that while potentially frustrating ,such things can and have happened in the past,and can and have been rectified.
However, where I think we ALL should be able to agree is that CI's garnishment action is exceptionally punitive and out of line.
I agree with this - which is why I am not spending any cycles arguing about whether the bylaws were side-stepped or not (there is already too much of that noise on the AFRINIC RPD list). My main focus is that CI got AFRINIC to undo the revocation, but continued to go Pulp Fiction on them after that. We all have some kind of work so we can put food on tables and feed our wives, husbands, children and extended families. In a period and time where work and income are hanging on by a thread, on a continent, no less, that has significantly less resources to go around compared to where CI come from and whom they employ, what this issue highlights is a pure example of where some corners of society are trying to place importance - money and things, instead of community and solving real problems. It is disgusting. Mark.
On Aug 30, 2021, at 19:06 , John Kristoff <jtk@dataplane.org> wrote:
On Mon, 30 Aug 2021 16:29:48 -0700 Owen DeLong via NANOG <nanog@nanog.org> wrote:
Further, the registries are not engaged in the daily operations of the internet.
Hi Owen,
Your statement above I have to insist is simply incorrect. In addition to the traditional services that are relied upon in a variety of daily operations (e.g. WHOIS, IRR, DNS reverse delegations), the increasingly important RPKI TAs/PPs services are of utmost importance in the daily operations of an increasing number of networks within and outside their region. They are just a different kind of infrastructure service operator than we may be commonly thing of when it comes to network operations.
Yes, but those services continue even if the registry isn’t open for a couple of days. We can agree to disagree about how useful it is to have a cryptographically signed indication of what to prepend to your spoofing. My point is that if an RIR itself closes for a few days, its an event that, well, happens pretty much every weekend. After a brief time without the RIR there to make changes, the operations performed by that RIR will almost certainly be taken up either temporarily or permanently by the other RIRs. Owen
On Tue, 31 Aug 2021, 05:08 John Kristoff, <jtk@dataplane.org> wrote:
On Mon, 30 Aug 2021 16:29:48 -0700 Owen DeLong via NANOG <nanog@nanog.org> wrote:
Further, the registries are not engaged in the daily operations of the internet.
Hi Owen,
Your statement above I have to insist is simply incorrect. In addition to the traditional services that are relied upon in a variety of daily operations (e.g. WHOIS, IRR, DNS reverse delegations), the increasingly important RPKI TAs/PPs services are of utmost importance in the daily operations of an increasing number of networks within and outside their region. They are just a different kind of infrastructure service operator than we may be commonly thing of when it comes to network operations.
+1 as its important to remind folk the above and most importantly to provide the additional distinct role of the RIR and their importance beyond just managing INR allocations. Noah
John
On 8/31/21 01:29, Owen DeLong via NANOG wrote:
Um, Mike, no… That’s neither a fair nor accurate characterization of the current situation.
AFRINIC has been given access to the equivalent of two months of operating costs from their bank accounts in a recent court ruling, so they are nowhere close to shut down. All of the chicken littles running around claiming otherwise notwithstanding, no, AFRINIC was never actually shut down.
Wow. Problem solved. Mark.
On Aug 30, 2021, at 22:06 , Mark Tinka <mark@tinka.africa> wrote:
On 8/31/21 01:29, Owen DeLong via NANOG wrote:
Um, Mike, no… That’s neither a fair nor accurate characterization of the current situation.
AFRINIC has been given access to the equivalent of two months of operating costs from their bank accounts in a recent court ruling, so they are nowhere close to shut down. All of the chicken littles running around claiming otherwise notwithstanding, no, AFRINIC was never actually shut down.
Wow. Problem solved.
Mark.
I guess that depends on whether or not AFRINIC is willing to engage in a reasonable settlement effort within the next 2 months or not. I guess we’ll see what they do. Owen
On Aug 30, 2021, at 22:21 , Mark Tinka <mark@tinka.africa> wrote:
On 8/31/21 07:16, Owen DeLong wrote:
I guess that depends on whether or not AFRINIC is willing to engage in a reasonable settlement effort within the next 2 months or not.
I guess we’ll see what they do.
Lots of guessing...
Mark.
Yes… AFRINIC’s actions of late are so illogical that when it comes to predicting them, all I can do is guess. Owen
On Mon, Aug 30, 2021 at 2:35 PM Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 30, 2021, at 6:29 AM, Rubens Kuhl rubensk@gmail.com wrote:
And that's why carpet bombing those IP blocks might be needed so the next
entity that ends up with those IP addresses long after CI has gone into oblivion will have its engineers debug odd routing issues for years. We all know that people regularly fail to update their manually entered filters on at least a few of their routers.
We already have IP blocks with so much "background radiation" that RIRs prefer not allocating them, or only allocating them to people with distributed traffic handling capacity, like 1.1.1.x. But the less of those there are, the better.
The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it.
As previously mentioned, this is about something that doesn't involve a court ruling, at least not yet, but a seizure request made by the party to attack the sustainability of the RIR. Rulings that people disagree have their own way inside the court system to be dealt with. Rubens
----- On Aug 30, 2021, at 11:18 AM, Rubens Kuhl rubensk@gmail.com wrote: Hello Rubens, First and foremost, I appreciate that you're keeping it civil.
On Mon, Aug 30, 2021 at 2:35 PM Sabri Berisha <sabri@cluecentral.net> wrote:
The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it.
As previously mentioned, this is about something that doesn't involve a court ruling, at least not yet, but a seizure request made by the party to attack the sustainability of the RIR. Rulings that people disagree have their own way inside the court system to be dealt with.
I really, really don't want to upset Mel more than he already is, but Owen shared a link with an actual order of the court. After "consideration of the affidavit" the court allowed "up to" $50 million to be frozen. Whatever the merits of the affidavit are, it indicates that the court looked at the facts, made a determination and based on that ordered the asset freeze. That sounds like a (preliminary) ruling to me. I don't necessarily agree with it due to the implications it has on African internet operations, and, as Mark rightfully brought up, all the employment that depends on it, but I have to respect it. And don't get me wrong: I am not informed enough as to the dispute itself so I'm unable to form an opinion on who is right and who is wrong here. People whom I deeply respect on this list are on opposite sides so that adds to the confusion. I am, however, concerned with the operational implications. That's why I donated to the keep-Afrinic-alive-fund. I've ran an RBL for years, which many people used. It closed down more than a decade ago. Out of 100 DNS queries I logged just now with a quick tcpdump on one of my three DNS servers, I counted 51 for rbl.cluecentral.net. That's why I'm advocating to reconsider your carpet-bombing (filter into oblivion) recommendation. People don't remove them. Thanks, Sabri
After "consideration of the affidavit" the court allowed "up to" $50 million to be frozen. Whatever the merits of the affidavit are, it indicates that the court looked at the facts, made a determination and based on that ordered the asset freeze.
There's an important distinction to be made here. The Supreme Court of Mauritius did not ORDER the asset freeze. The order AUTHORIZED CI to garnish $50MUSD of AFRINIC's assets "at it's own risks and perils" . This means that if AFRINIC countersues CI , and it is found in court that CI did not have a valid claim to AFRINIC's assets, CI will be liable for damages. On Mon, Aug 30, 2021 at 3:09 PM Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 30, 2021, at 11:18 AM, Rubens Kuhl rubensk@gmail.com wrote:
Hello Rubens,
First and foremost, I appreciate that you're keeping it civil.
On Mon, Aug 30, 2021 at 2:35 PM Sabri Berisha <sabri@cluecentral.net> wrote:
The learned people on this list do not strike me as the kind of person to go out and engage in vigilante justice if a court decides against them. The very fabric of our civilized society depends on us resolving our conflicts in court, not out on the (virtual) streets. You may disagree with a ruling but I implore you to respect it.
As previously mentioned, this is about something that doesn't involve a court ruling, at least not yet, but a seizure request made by the party to attack the sustainability of the RIR. Rulings that people disagree have their own way inside the court system to be dealt with.
I really, really don't want to upset Mel more than he already is, but Owen shared a link with an actual order of the court. After "consideration of the affidavit" the court allowed "up to" $50 million to be frozen. Whatever the merits of the affidavit are, it indicates that the court looked at the facts, made a determination and based on that ordered the asset freeze. That sounds like a (preliminary) ruling to me. I don't necessarily agree with it due to the implications it has on African internet operations, and, as Mark rightfully brought up, all the employment that depends on it, but I have to respect it.
And don't get me wrong: I am not informed enough as to the dispute itself so I'm unable to form an opinion on who is right and who is wrong here. People whom I deeply respect on this list are on opposite sides so that adds to the confusion. I am, however, concerned with the operational implications. That's why I donated to the keep-Afrinic-alive-fund.
I've ran an RBL for years, which many people used. It closed down more than a decade ago. Out of 100 DNS queries I logged just now with a quick tcpdump on one of my three DNS servers, I counted 51 for rbl.cluecentral.net. That's why I'm advocating to reconsider your carpet-bombing (filter into oblivion) recommendation. People don't remove them.
Thanks,
Sabri
I really, really don't want to upset Mel more than he already is, but Owen shared a link with an actual order of the court. After "consideration of the affidavit" the court allowed "up to" $50 million to be frozen. Whatever the merits of the affidavit are, it indicates that the court looked at the facts, made a determination and based on that ordered the asset freeze. That sounds like a (preliminary) ruling to me.
It has not. It's just an assessment that the assets involved can be valued at that amount.
I don't necessarily agree with it due to the implications it has on African internet operations, and, as Mark rightfully brought up, all the employment that depends on it, but I have to respect it.
No need to agree or disagree with a court that hasn't made a decision on this yet. And when a decision comes out some will agree, others will disagree, and that will also be sorted out.
And don't get me wrong: I am not informed enough as to the dispute itself so I'm unable to form an opinion on who is right and who is wrong here. People whom I deeply respect on this list are on opposite sides so that adds to the confusion. I am, however, concerned with the operational implications. That's why I donated to the keep-Afrinic-alive-fund.
There is another operational implication if RIRs are unable to enforce deviations from the information provided when a resource holder applied for them. Regardless of whether the business model is good or bad, I don't see that party proving that they told AfriNIC at application time of the usage they really did of the resources. But if RIRs are unable to enforce those, they become book-keepers instead of RIRs. All IPv4 allocation could be done with a single shared spreadsheet for the whole world.
I've ran an RBL for years, which many people used. It closed down more than a decade ago. Out of 100 DNS queries I logged just now with a quick tcpdump on one of my three DNS servers, I counted 51 for rbl.cluecentral.net. That's why I'm advocating to reconsider your carpet-bombing (filter into oblivion) recommendation. People don't remove them.
I understand the risk, but when choosing between that risk and the systemic risk for the RIR system, the choice for me is very clear. Kinda like removing a malignant tumor. Rubens
----- On Aug 30, 2021, at 12:37 PM, Rubens Kuhl rubensk@gmail.com wrote: Hi,
I've ran an RBL for years, which many people used. It closed down more than a decade ago. Out of 100 DNS queries I logged just now with a quick tcpdump on one of my three DNS servers, I counted 51 for rbl.cluecentral.net. That's why I'm advocating to reconsider your carpet-bombing (filter into oblivion) recommendation. People don't remove them.
I understand the risk, but when choosing between that risk and the systemic risk for the RIR system, the choice for me is very clear. Kinda like removing a malignant tumor.
While I disagree with it, I do understand your point of view. I'm a proponent of "your network, your rules". But, if you would choose to filter the netblocks associated with this case, I would recommend that you filter them in BGP and not ACL them into oblivion. That way your customers won't be impacted (I have been on the customer end of something like this). Thanks, Sabri
On Sat, 28 Aug 2021, 21:25 Mehmet Akcin, <mehmet@akcin.net> wrote:
I am kind of curious of the ICANN/IANA position on this?
*4) Neutrality and impartiality in relation to all interested parties, and particularly the LIRs* All organisations that receive service from the new RIR must be treated equally. The policies and guidelines proposed and implemented by the RIR need to ensure fair distribution of resources, and impartial treatment of the members/requestors. https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en Principle #4 of ICP-2 goes to emphasise a very important aspect of Internet Number Management which is "fair distribution of resources".
From the context of a party without reasonable Internet Infrastructure, lacks an ASN, has no IPv6 allocation. Would you call the over 6 million IPv4 allocations to an entity that does not participate in the Internet ecosystem itself, fair distribution?
Noah
It appears that Mehmet Akcin <mehmet@akcin.net> said:
I am kind of curious of the ICANN/IANA position on this?
I would be astonished if ICANN had a position. For one thing, they have no provision for dealing with competing IP registries since the issue has never come up and, until this strange situation, seemed vanishingly unlikely. For another, they are extremely allergic to anything that might even possibly involve them in a lawsuit. R's, John
John Levine wrote:
I would be astonished if ICANN had a position. For one thing, they have no provision for dealing with competing IP registries since the issue has never come up
As ICP-2: Criteria for Establishment of New Regional Internet Registries https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en 2) The new RIR must demonstrate that it has the broad support of the LIRs (ISP community) in the proposed region if overwhelming majority, which means there is no competition, of LIRs in AfriNIC region request to abandon AfriNIC and to have an alternate RIR, ICANN should honor the request.
For another, they are extremely allergic to anything that might even possibly involve them in a lawsuit. ICANN was established to protect governance structure (including RIRs, of course) of the Internet free from government (especially USG) interventions. As such, ICANN is expected to work to isolate African RIR operations from existing lawsuit.
Masataka Ohta
On Sun, Aug 29, 2021 at 8:44 PM Masataka Ohta < mohta@necom830.hpcl.titech.ac.jp> wrote: [ clip] As
ICP-2: Criteria for Establishment of New Regional Internet Registries
https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en 2) The new RIR must demonstrate that it has the broad support of the LIRs (ISP community) in the proposed region
if overwhelming majority, which means there is no competition, of LIRs in AfriNIC region request to abandon AfriNIC and to have an alternate RIR, ICANN should honor the request.
For another, they are extremely allergic to anything that might even possibly involve them in a lawsuit. ICANN was established to protect governance structure (including RIRs, of course) of the Internet free from government (especially USG) interventions. As such, ICANN is expected to work to isolate African RIR operations from existing lawsuit.
%s/isolate/move/g functions. That equates to a leadership change. It may be too soon to suggest that ICANN has any role other than risk analysis and coordination of mitigation. I'm not even certain if that's their role seeing how complicated the relationships between the RIR's and ICANN is. I've seen good summaries including John Currans and Milton Muellers. I've been leaning towards Milton's view. He didn't pardon Afrinic, but he also didn't suggest it's time to fold up shop there. A fight over crumbs: The Afrinic Crisis https://www.internetgovernance.org/2021/08/19/a-fight-over-crumbs-the-afrini... <queue JC who knows more about what ICANN can do than I> Warm regards, -M<
%s/isolate/move/g functions. That equates to a leadership change. It may be too soon to suggest that ICANN has any role other than risk analysis and coordination of mitigation. I'm not even certain if that's their role seeing how complicated the relationships between the RIR's and ICANN is. I've seen good summaries including John Currans and Milton Muellers. I've been leaning towards Milton's view. He didn't pardon Afrinic, but he also didn't suggest it's time to fold up shop there.
A fight over crumbs: The Afrinic Crisis
https://www.internetgovernance.org/2021/08/19/a-fight-over-crumbs-the-afrini...
The problem with Milton's POV is that he is willing to pick and choose which AfriNIC policies he likes and which he doesn't; this is not how it works. That community decided the policies, and it's our job in the other regions to make sure that scum bags like the one currently trying to suffocate AfriNIC fail miserably. Rubens
On Sun, Aug 29, 2021 at 21:13 Rubens Kuhl <rubensk@gmail.com> wrote:
%s/isolate/move/g functions. That equates to a leadership change. It may be too soon to suggest that ICANN has any role other than risk analysis and coordination of mitigation. I'm not even certain if that's their role seeing how complicated the relationships between the RIR's and ICANN is. I've seen good summaries including John Currans and Milton Muellers. I've been leaning towards Milton's view. He didn't pardon Afrinic, but he also didn't suggest it's time to fold up shop there.
A fight over crumbs: The Afrinic Crisis
https://www.internetgovernance.org/2021/08/19/a-fight-over-crumbs-the-afrini...
The problem with Milton's POV is that he is willing to pick and choose which AfriNIC policies he likes and which he doesn't; this is not how it works. That community decided the policies, and it's our job in the other regions to make sure that scum bags like the one currently trying to suffocate AfriNIC fail miserably.
Fair enough, but his TL;DR appears fair and he underscored the risk of the matter to the entire RIR system: government intervention. Warm regards, -M<
On Aug 29, 2021, at 17:41 , Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
John Levine wrote:
I would be astonished if ICANN had a position. For one thing, they have no provision for dealing with competing IP registries since the issue has never come up
As
ICP-2: Criteria for Establishment of New Regional Internet Registries https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en 2) The new RIR must demonstrate that it has the broad support of the LIRs (ISP community) in the proposed region
if overwhelming majority, which means there is no competition, of LIRs in AfriNIC region request to abandon AfriNIC and to have an alternate RIR, ICANN should honor the request.
ICANN _MIGHT_ be able (under ICP-2) to honor the request to accredit a new RIR if one is created. ICANN has no authority under ICP-2 to do anything about any RIR once it is accredited. There is no process for revoking an RIR’s accreditation and there is no mechanism for any entity to do so that I am aware of.
For another, they are extremely allergic to anything that might even possibly involve them in a lawsuit. ICANN was established to protect governance structure (including RIRs, of course) of the Internet free from government (especially USG) interventions. As such, ICANN is expected to work to isolate African RIR operations from existing lawsuit.
I think you have that somewhat wrong. Regardless of what you or anyone else may think ICANN was established for, the simple reality is that ICANN’s only ability to engage on any of this is that granted to it by the various IANA functions contracts from the empowered communities (IETF, NRO/ASO/RIRs, and various Domain-Related organizations). (No, I don’t have all the exact details spelled out correctly here, it’s almost impossible to identify them). ICANN does not have any ability to isolate African RIR operations from an existing lawsuit. If you think I’m wrong, please identify the authority and mechanism by which they could possibly do so. Owen
On 8/27/21 22:07, Bryan Fields wrote:
People, can we at least quote properly? I can't follow this at all.
I wish ARIN would stay out of this, it's not something that affects the ARIN region, and nothing said in this statement seems to refute any of the allegations against AFRINIC. What it does seem to do is state Lu Heng/Cloud Innovation is a shady guy. While this may be true, I'd expect a RIR to treat everyone the same, and that's the core of the legal complaint here. I'd expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
Well, NANOG is not ARIN. Also, it's the global Internet. Routers don't care about RIR's. Mark.
On Aug 27, 2021, at 10:07 PM, Bryan Fields <Bryan@bryanfields.net> wrote: I’d expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
You know what’s funny? There are a bunch of other people copying-and-pasting that same expectation on the AfriNIC and APNIC mailing lists, and they’re all beneficiaries of something called the “Larus Foundation.” So, if you’re not getting paid to copy and paste that, you might want to look into it: https://www.larus.foundation I hear it pays pretty well. -Bill
On 8/27/21 6:38 PM, Bill Woodcock wrote:
On Aug 27, 2021, at 10:07 PM, Bryan Fields <Bryan@bryanfields.net> wrote: I’d expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
You know what’s funny? There are a bunch of other people copying-and-pasting that same expectation on the AfriNIC and APNIC mailing lists, and they’re all beneficiaries of something called the “Larus Foundation.” So, if you’re not getting paid to copy and paste that, you might want to look into it:
I hear it pays pretty well.
-Bill
Bill, I'd respectfully ask you to consider that my opinions are my own; to imply differently is wrong and to do so publicly is worse. I'm not a shill, paid or otherwise, rather a member of the community looking at this from the outside and trying to understand it better. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
i’ll save you some time. larus Foundation seems to be a shell in Hong Kong. with one employee named as the “Chair” since 1/2019. (She was previously executive assistant to the CEO of Larus Cloud Service Limited, and before that at University.). There is an org chart but nobody on Linkedin has said they hold any of the positions. (As far as I can tell, HK does not appear to be completely transparent about charitable foundations, but Larus Foundation Limited is listed on the govt list as a tax exempt charitable foundation, effective 10/08/2020.) and then there’s LARUS Limited tagline: "The Best IP Address Solutions On The Planet” which seems to be in the same business as the plaintiff. Hm, he’s the CEO since 2016 according to LinkedIn.
On Aug 27, 2021, at 3:38 PM, Bill Woodcock <woody@pch.net> wrote:
On Aug 27, 2021, at 10:07 PM, Bryan Fields <Bryan@bryanfields.net> wrote: I’d expect that for a court to freeze assets of AFRINIC there must be a very strong argument.
You know what’s funny? There are a bunch of other people copying-and-pasting that same expectation on the AfriNIC and APNIC mailing lists, and they’re all beneficiaries of something called the “Larus Foundation.” So, if you’re not getting paid to copy and paste that, you might want to look into it:
I hear it pays pretty well.
-Bill
On Sat, 28 Aug 2021, 02:56 Mark Seiden, <mis@seiden.com> wrote:
i’ll save you some time.
larus Foundation seems to be a shell in Hong Kong. with one employee named as the “Chair” since 1/2019. (She was previously executive assistant to the CEO of Larus Cloud Service Limited, and before that at University.). There is an org chart but nobody on Linkedin has said they hold any of the positions.
(As far as I can tell, HK does not appear to be completely transparent about charitable foundations, but Larus Foundation Limited is listed on the govt list as a tax exempt charitable foundation, effective 10/08/2020.)
and then there’s
LARUS Limited
tagline: "The Best IP Address Solutions On The Planet” which seems to be in the same business as the plaintiff.
Hm, he’s the CEO since 2016 according to LinkedIn.
And the above sums up the whole dishonesty. Noah
----- On Aug 27, 2021, at 8:36 AM, Bill Woodcock woody@pch.net wrote: Hi,
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
Top Gear Top Tip: set a "travel notification" on your credit card prior to donating. It took me 3 failed attempts and 2 fraud notifications to get a payment through. The fraud notifications were delayed as well. Chase credit card. "Verified by VISA". Right. And yes Mel, you're right about NANOG's AUP but this is not a legal matter, this is to keep AfriNIC in business... Thanks, Sabri
Sabri, I agree that the donation request is within the AUP. But the discussion then devolved into details on a private legal dispute, with both sides airing their grievances. There is a place for that discussion. It’s just not NANOG. -mel
On Aug 27, 2021, at 2:58 PM, Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Aug 27, 2021, at 8:36 AM, Bill Woodcock woody@pch.net wrote:
Hi,
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
Top Gear Top Tip: set a "travel notification" on your credit card prior to donating. It took me 3 failed attempts and 2 fraud notifications to get a payment through. The fraud notifications were delayed as well. Chase credit card.
"Verified by VISA". Right.
And yes Mel, you're right about NANOG's AUP but this is not a legal matter, this is to keep AfriNIC in business...
Thanks,
Sabri
On 8/27/21 2:58 PM, Sabri Berisha wrote:
----- On Aug 27, 2021, at 8:36 AM, Bill Woodcock woody@pch.net wrote:
Hi,
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001 Top Gear Top Tip: set a "travel notification" on your credit card prior to donating. It took me 3 failed attempts and 2 fraud notifications to get a payment through. The fraud notifications were delayed as well. Chase credit card.
"Verified by VISA". Right.
And yes Mel, you're right about NANOG's AUP but this is not a legal matter, this is to keep AfriNIC in business...
Yeah, I'd think that not being able to do business allocating blocks is definitionally an operator issue. Mike
Fundamentally I think everyone should care about this situation. As I read it, it breaks down as : - AFRINIC and Cloud Innovation are engaged in a dispute over number assignment policies. - AFRINIC invokes the clause that they are reclaiming the space in question. - Cloud Innovation files for garnishment, stating that AFRINIG is 'taking' IP addresses worth millions of dollars, therefore it is entitled to damages. - The courts grant the garnishment, although such garnishment is at Cloud Innovation's risk. ( Meaning if they are challenged and lose, they are on the hook for damages for taking the action.) - However, in the process, since Cloud Innovation has claimed enough damages to freeze all of AFRINIC's accounts, they now have no money accessible to protect their legal rights on the IP address, or defend themselves against the damaged seizure. As Mr. Curran put forth a week ago, 'property rights' of IP allocations are an unsettled area. What happens if this holds up that the court there rules that you 'own' the IPs assigned to you from an RIR until you give them back? That sure creates a mess with any RIR views that allocations as simply entries in a database. How long would it take before some clown in a boardroom decides that want to latch onto that ruling and do something stupid to 'maximize shareholder value' and there's an expensive legal brawl over that? How long before people start popping up and laying claim as the 'rightful owner' of addresses from the origin days? Do we really want to see RIRs and our companies dealing with BS lawsuits for things like this? It only has to work once... On Fri, Aug 27, 2021 at 11:37 AM Bill Woodcock <woody@pch.net> wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
On 2021-08-28 00:58, Tom Beecher wrote:
Fundamentally I think everyone should care about this situation. As I read it, it breaks down as :
- AFRINIC and Cloud Innovation are engaged in a dispute over number assignment policies. - AFRINIC invokes the clause that they are reclaiming the space in question. - Cloud Innovation files for garnishment, stating that AFRINIG is 'taking' IP addresses worth millions of dollars, therefore it is entitled to damages. - The courts grant the garnishment, although such garnishment is at Cloud Innovation's risk. ( Meaning if they are challenged and lose, they are on the hook for damages for taking the action.) - However, in the process, since Cloud Innovation has claimed enough damages to freeze all of AFRINIC's accounts, they now have no money accessible to protect their legal rights on the IP address, or defend themselves against the damaged seizure.
As Mr. Curran put forth a week ago, 'property rights' of IP allocations are an unsettled area. What happens if this holds up that the court there rules that you 'own' the IPs assigned to you from an RIR until you give them back? That sure creates a mess with any RIR views that allocations as simply entries in a database.
This thing about entries in a database seems to be used when it's convenient to downplay the market value and operational importance of IP addresses. Even the people leading the crusade against Cloud Innovation in this thread are claiming that it's about millions of addresses for dramatic effect. This kind of dispute is going to happen more as the value of addresses goes up and the RIRs realize what a gold mine they have by shaking down spammers and other unpopular resource holders. I imagine some of the operators on this list have resources they could return if they wanted to. Maybe some will, but they'd be better off selling them before the RIRs decide to expand their scope and start mass reclaiming for profit. Hopefully RPKI, AS0, etc. won't be abused to reclaim resources just because they're valuable.
How long would it take before some clown in a boardroom decides that want to latch onto that ruling and do something stupid to 'maximize shareholder value' and there's an expensive legal brawl over that? How long before people start popping up and laying claim as the 'rightful owner' of addresses from the origin days? Do we really want to see RIRs and our companies dealing with BS lawsuits for things like this? It only has to work once...
On Fri, Aug 27, 2021 at 11:37 AM Bill Woodcock <woody@pch.net <mailto:woody@pch.net>> wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu... <https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-number-registry-system/>
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001 <https://www.tespok.co.ke/?page_id=14001>
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
Maybe some will, but they'd be better off selling them before the RIRs decide to expand their scope and start mass reclaiming for profit.
I'm sorry, what? On Fri, Aug 27, 2021 at 9:36 PM Laszlo Hanyecz <laszlo@heliacal.net> wrote:
On 2021-08-28 00:58, Tom Beecher wrote:
Fundamentally I think everyone should care about this situation. As I read it, it breaks down as :
- AFRINIC and Cloud Innovation are engaged in a dispute over number assignment policies. - AFRINIC invokes the clause that they are reclaiming the space in question. - Cloud Innovation files for garnishment, stating that AFRINIG is 'taking' IP addresses worth millions of dollars, therefore it is entitled to damages. - The courts grant the garnishment, although such garnishment is at Cloud Innovation's risk. ( Meaning if they are challenged and lose, they are on the hook for damages for taking the action.) - However, in the process, since Cloud Innovation has claimed enough damages to freeze all of AFRINIC's accounts, they now have no money accessible to protect their legal rights on the IP address, or defend themselves against the damaged seizure.
As Mr. Curran put forth a week ago, 'property rights' of IP allocations are an unsettled area. What happens if this holds up that the court there rules that you 'own' the IPs assigned to you from an RIR until you give them back? That sure creates a mess with any RIR views that allocations as simply entries in a database.
This thing about entries in a database seems to be used when it's convenient to downplay the market value and operational importance of IP addresses. Even the people leading the crusade against Cloud Innovation in this thread are claiming that it's about millions of addresses for dramatic effect. This kind of dispute is going to happen more as the value of addresses goes up and the RIRs realize what a gold mine they have by shaking down spammers and other unpopular resource holders. I imagine some of the operators on this list have resources they could return if they wanted to. Maybe some will, but they'd be better off selling them before the RIRs decide to expand their scope and start mass reclaiming for profit. Hopefully RPKI, AS0, etc. won't be abused to reclaim resources just because they're valuable.
How long would it take before some clown in a boardroom decides that want to latch onto that ruling and do something stupid to 'maximize shareholder value' and there's an expensive legal brawl over that? How long before people start popping up and laying claim as the 'rightful owner' of addresses from the origin days? Do we really want to see RIRs and our companies dealing with BS lawsuits for things like this? It only has to work once...
On Fri, Aug 27, 2021 at 11:37 AM Bill Woodcock <woody@pch.net> wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
On 27/08/2021 18:36, Bill Woodcock wrote:
As many of you are aware, AfriNIC is under legal attack by Heng Lu / “Cloud Innovation.”
John Curran just posted an excellent summary of the current state of affairs here:
https://teamarin.net/2021/08/27/afrinic-and-the-stability-of-the-internet-nu...
If, like me, you feel like chipping in a little bit of money to help AfriNIC make payroll despite Heng having gotten their bank accounts frozen, some of the African ISP associations have put together a fund, which you can donate to here:
https://www.tespok.co.ke/?page_id=14001
It’s an unfortunate situation, but the African Internet community has really pulled together to defend themselves, and they’ve got a lot less resources than most of us do.
-Bill
Why not just use the RIR Joint Stability Fund which was created for exactly these situations before asking for donations? Details here: https://www.nro.net/accountability/rir-accountability/joint-rir-stability-fu... Regards, Hank Caveat: The views expressed above are solely my own and do not express the views or opinions of my employer
participants (37)
-
Aaron Wendel
-
Baldur Norddahl
-
Bill Woodcock
-
Brielle
-
Bryan Fields
-
Christopher Morrow
-
Compton, Rich A
-
Constantine A. Murenin
-
Hank Nussbacher
-
Jay Hennigan
-
John Curran
-
John Curran
-
John Kristoff
-
John Levine
-
Jon Lewis
-
Laszlo Hanyecz
-
Lukas Tribus
-
Mark Seiden
-
Mark Tinka
-
Martin Hannigan
-
Masataka Ohta
-
Mehmet Akcin
-
Mel Beckman
-
Michael Thomas
-
Mike Hale
-
Nathan Angelacos
-
Niels Bakker
-
Noah
-
Owen DeLong
-
Randy Bush
-
Rubens Kuhl
-
Sabri Berisha
-
Stephane Bortzmeyer
-
Tom Beecher
-
Valdis Klētnieks
-
Valerie Wittkop
-
Vincentz Petzholtz