Home / Blogs

The Importance of IP Resource Planning in Government ICT Strategic Plans

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Mukom Akong Tamon

It seems everywhere I turn, there's someone throwing around statistics for how the Internet and broadband will drive economic growth, create jobs, end world hunger and bring world peace (ok, maybe not the later). Sure enough, government officials are buying into that rhetoric and extending it in initiatives like national broadband strategies, cybercrime and cybersecurity plans as well as e-governance strategies.

Often missing from these initiatives (particularly in the ICT strategies of most developing countries) is an explicit analysis of the role and impact of IP resources towards the success of the initiative. A gross simplification of the how the Internet works is that it is a network of networks (inter-net). Each network is comprised of nodes (servers and clients) identified primarily by IP address (e.g. one of Google's search servers is and 2a00:1450:4007:808::100). All the addresses for a given network are identified as belonging to an Autonomous System Number (ASN). These ASNs identify individual networks and are required for one network to communicate with another network. This typically happens using what network engines call the BGP routing protocol.

Therefore, you cannot have an independent Internet identity for your network if you don't have both your own IP address space and ASN. Governments typically will own many networks. Networks for datacenters which power online government services, user networks that power the work of the agents of government, networks to facilitate research and education (typically called Research and Education Networks) and even networks for things like surveillance aka national security. I'll call on governments particularly in developing countries to go the extra step and secure the IP addresses and an ASNs required to have complete control of their networks.

So you might ask, lots of governments are doing just fine today without having IP address space and ASNs, how are they functioning on the Internet? The answer is that they are using the IP address resources of an Internet Service Provider which connects them to the Internet. There are several reasons this might not be an effective thing to do and here are some:

  1. From an addressing perspective, the government network doesn't exist. It is seen as part of the ISPs network by the rest of the world.
  2. The Internet reputation of the government is then tied to that of the ISP and its other clients. Bad behaviour by any of the clients of the ISPs will be traced back to the ISPs and all of its clients by association. Think of it as the technical version of generalising for the negative (you had a bad meal at a restaurant and then vow never to eat anything in that restaurant or chain of restaurants.)
  3. This model severely limits the governments ability to provide redundant connections to the Internet. If the ISP fails, the government online services goes down with it.
  4. The government is unable to create and implement a policy about which networks it wants to or doesn't want to exchange traffic with (i.e routing policy) because it cannot run BGP and act as a player that connects to other networks.
  5. It hampers governments ability to act as an independent content provider. What if the ISP for its own business reasons doesn't like to communicate with another network whose users need access to government online content?

The last scenario is most likely to happen within the country. Imagine a country with several large ISPs who naturally are in competition with each other. The government happens to be a client of one of those ISPs (a very dependent client if that government doesn't have its own IP resources). Despite the competition amongst the ISPs, users of all the networks might still need access to government services that reside on the network of a competitor. It so happens that a tactic of such competitiveness might be hostile treatment of a competing ISPs traffic (throttle traffic to or from a competitors network and give your own users an advantage). You could end up with a situation where large sections of the population are unable to access government online services. As an aside governments should be impartial to businesses in the country and not let themselves be wittingly used as pawns in competitive games of various ISPs - the best way to ensure this is for the government to have its own IP identity (IPv4 space, IPv6 space, ASNs), get physical connectivity from one or more ISPs and then peer with all other ISPs ideally an Internet Exchange Point.

Of course, many government networks in developing countries use network address and port translation (NAT) on their internal networks. This has quite a few bad consequences that we'll explore in another post. So here is what I'd advocate for any government and particularly those in Africa.

  1. Determine the exact address needs for all of your infrastructure. The goal should be - "how do we eliminate the use of NAT so that each device on the government network is uniquely identifiable? Eliminating NAT results in simpler networks that are easier maintain, extend and innovate..
  2. Contact your regional Internet registry (RIR) to get the address space you need. This would be AFRINIC for Africa, LACNIC for Latin America, APNIC for the Asia Pacific, RIPE NCC for Europe, the middle east and Russia and ARIN for North America.
  3. You will also need one or more ASNs for your address space. Start with one and if there's a need for more you can always get it.
  4. And while you are at it bear in mind that the we are running out of IPv4 address space, so future-proof your network by making it run IPv6 as well.

Going back to the opening, a good IP resource strategy is key to realising the broadband initiatives of a country, as well as driving the use of the Internet as development too. Without more IP addresses, IP-address poor countries (think most African and Asia Pacific countries) will never sustainably realise their universal broadband ambitions (and can kiss goodbye to that 0.3% GDP growth that results from doubling broadband speed). Without a good IP resource strategy, it will become increasingly difficult and expensive to protect the Internet from abuse by criminals. Without a good IP resources strategy, a government cannot assure that the Internet will continue to grow and be accessible to all its citizens. Make sure your national ICT strategies explicitly includes and IP resources strategy.

By Mukom Akong Tamon, Chief Excellence Officerâ„¢ | Certified in IPv6, 4DX Strategy Execution, Lean Si. Mukom works for a Regional Internet Registry (RIR). Everything he writes are his opinion and do not necessarily reflect the views of his employers, past, present or future.

Related topics: Cybercrime, Internet Governance, Internet Protocol, IP Addressing, IPv6, Net Neutrality, Regional Registries, Telecom



To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

i2Coalition to Host First Ever Smarter Internet Forum

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Dyn Comments on ICG Proposal for IANA Transition

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence