Home / Blogs

Country Internet Registries: One African Perspective

McTim

Paul Wilson, Secretary-General of APNIC, was correct when he reminded the panelists of the IGF2009 workshop "Adopting IPv6: What You Need To Know” that "countries don't typically get IP address allocations, network service providers do".

The ITU stills seems to cling to the notion that countries get IP blocks, as that is the driver for Resolution 64, which in turn is the basis for a study commissioned by the ITU which recommends the implementation of Country Internet Registries as competition to the Regional Internet Registries.

The ITU staff member who spoke about Resolution 64 told us tell us that some ITU members feel "everything is perfect" in relation to IPv6 address distribution, and that nothing should change. However some other member states, particularly those from the developing world want some changes. My question to her (if that workshop had had remote participation available) would have been: "Which developing countries asked for this and when?"

Her rhetoric was straight out of the pre-WSIS era, like the last 5 years of capacity building around these issues haven't happened. The first thing that struck me as not being current was her statement that "GAC statistics show that developing countries representatives are relatively low and in the RIR [regional Internet registry] process".

Well, I just took a look at the composition of the GAC, and I see 45 developed nations and 43 developing countries who have GAC seats. (I used a very generous definition of "developed countries" BTW, so it's possible that by others definitions, emerging economies have more representation in the GAC than the developed world). The second part of that statement is untrue by definition, here in Africa, and I suspect, in other parts of the world. In other words, it seems obvious that in the AfriNIC Policy Development Process for example, we should hear mostly African voices participating in IP address policy making. In fact, this is the case, as I am sure is true in the LACNIC and APNIC regions.

My feeling is that if countries (as nation states) want to participate in the IP address policy communities, then they should make sure their employees become involved (as they have clearly done in the GAC). In any case, the idea that developing countries are not represented in the policy development process (PDPs) of the RIRs is nonsensical. Having more localized representation and regional self determination regarding policies is the reason we have the 2 newest RIRs.

Bringing the IP address PDPs closer to the people (on a national level instead of a regional level) is one reason cited by Professor Sureswaran Ramadass, to develop Country Internet Registries in his study commissioned by the ITU. Conveniently enough, the study calls for the ITU to be the "Alternative RIR" but for a global region (oxymoronic, I know). The problem with the notion of putting nation states in charge of IP address policies is that there is no guarantee that these states would build PDPs that are open, transparent and bottom up, as is the case with the current RIR PDPs. In Africa, decisions made by governments are usually made behind closed doors, and unfortunately these decisions are not necessarily made in the public interest, or in the interests of the community of global Internet users. By contrast, the AfriNIC PDP is completely open, transparent and inclusive. Anyone can join and help determine the policies followed by AfriNIC staff and Local Internet Registries.

In addition, once a nation has an telecommunications asset (think frequencies or licenses), as IPv6 blocks would surely be perceived, the tendency is to maximize revenue from that asset. These assets have been traditionally used to protect incumbent telcos and, more unfortunately, to line the pockets of government officials. Dr. Ramadass seems naive when he suggests that country-based Internet registry (CIRs) wouldn't necessarily be publicly owned. Would the ITU allow a non-member Civil Society body to run a CIR when it had an ITU member (usually a regulator or incumbent monopoly telco) in that country?? Would the regulator/government allow such a scheme if there was an asset they think they could monetize? It seems highly unlikely.

Several years ago, one African nation I am familiar with, even mooted the idea that ISPs MUST get their IP addresses from the regulator. Scary, but true, and I'm afraid this would become quite common.

Professor Ramadass' main thrust was that Internet users have matured, they want a choice. "Right now we have a single choice, and choices is what we are asking for." What he seems to ignore, or not understand, is that users get their addresses from their ISP who acts as a local Internet registries (LIRs). As long as Users have a choice of ISPs, then they have choice in selecting IP address provider, of course, what they are buying is not IP addresses, but IP connectivity. Dr. Ramadass misses this (or completely ignores it) or perhaps its just hyperbole when giving a presentation, but the idea of end user choice when selecting an IP address registry means decoupling IP address assignment from connectivity. In this document, the end user in his plan gets their IP addresses from their ISP, so perhaps it was just a rhetorical flourish.

It wasn't his strangest however, that was "Can any of you tell me you would only like to buy from one shop? Can any woman tell you that?" It doesn't matter if you are an end user or an ISP, one doesn't BUY IP addresses, one leases them for the duration of an allocation or assignment.

Another bombshell of his: "Why don't the 5 RIRs compete." Instead of competition between the RIRs, we have cooperation, collaboration and coordination. I will leave it as an exercise to the reader to determine which is better for the Internet as a whole. Of course, If you are a global organization, you CAN get allocations from different RIRs for business units in those distinct regions, but these (relatively few) cases aren't really seen as competition between the RIRs.

When talking about conservation of addresses he implied that address blocks are given out to all that apply: "that means my son could go on the net, put up an application and get a /32" Now that is weird. Of course his son could get a /32, IF he could meet the criteria in his region. He would have to prove he had a legitimate business, via company registration documents, become a member of the RIR, pay his dues as a member and describe in his application how the address block would be used. It's not like IP blocks are just given out willy-nilly. However, his proposal would open up the field to just such abuse, as there is no guarantee that CIRs would follow the strict application processes that the RIRs use.

Local Internet Registries must agree to follow the rules of the RIR. Dr. Ramadass suggests that enforcement of this is too big a task on a regional level, it should be done locally. That is the beauty of the LIR, it does the local education and agrees to enforce the regional policies at the local level when it becomes a LIR. LIRs also do the functions he mentions would be done by a CIR (systems, training, helpdesk). LIRs help their customers with the often arcane knowledge regarding routing and DNS reverse delegation procedures and they can do it in their local language. The burden of setting up CIRs for developing countries would be onerous and very difficult, as engineers would have to be lured from the private sector or given extensive training. Who would pay for this? The ITU? This training is already being done by AfriNIC and AfNOG to LIRs. Would we replicate the AfriNIC training course 53 times (one per African nation). How about replicating WHOIS services, instead of the 5 RIRs providing WHOIS service, would we have hundreds of entities doing this? This all strikes me as an extraordinarily inefficient use of scarce resources.

Prof. Ramadass also claimed that CIRs would localize websites, so that people could understand IP address policies in their own language. If one looks at African regulators websites, one doesn't see much evidence of this at all in regards to telecom policy, so this is a dubious claim at best. However, RIRs in the developing world do offer helpdesk services and training courses in multiple languages. Here in Africa for example, you can go to an IPv6 training course in French or English. if the ITU really wants to help deploy Ipv6 in the developing world, perhaps, as mandated in Resolution 64 they could financially support these multilingual training courses and existing RIR meeting fellowship programs instead of funding self serving "studies".

The APNIC region, where Dr. Ramadass is from, has actually tried this model, which as Izumi Aizu pointed out in the workshop, hasn't met with the greatest success. If I remember correctly, the APNIC community decided years ago to phase out this model. The study acknowledges this saying;

"Currently APNIC has a structure called NIRs. However, the uptake of the NIR model has been very limited. Currently, the existing NIRs essentially process and approve IP address requests made by their countries ISPs and organizations. The address allocations however, are directly made by the respective RIRs and not by the NIRs themselves."

So if it has been tried and failed, what is the motivation for trying again? It would be very interesting indeed to see the documentation on which ITU member states are calling for this kind of system.

In the workshop Dr. Ramadass gave the impression that /32s would be allocated by the ITU to CIRs, but in the document cited above, it seems that the plan is to give CIRs each a /24. Perhaps the document I found is an earlier version. Whatever the case, this plan would lead to greater fragmentation of address space and routing table bloat. This puts undue burden on ISPs in the developing countries who may not be able to afford the "big iron" that ISPs in more developed parts of the world routinely buy. Experts in the field gave excellent background briefings on Internet routing economics in various IPv6 workshops at the 2009 IGF, so I won't belabor the point, except to say that when the study commissioned by the ITU says:

Both the RIR and CIR model follow addressing hierarchy and strive for address aggregation. Irrespective of the RIR or CIR model, address aggregation purely depends on the address allocation algorithm and policies followed.

It ignores the deleterious effects that multiple hierarchies, allocation algorithms and policies differences would have on Internet routing.

All in all, it seems to me that when Dr. Ramadass claims that this plan would have no change on the "integrity, sustainability and routability." of IP address distribution, he is blind to the the negative impacts that the actual implementation of this plan would have in Africa and other parts of the developing world.

A woman from the Nigerian regulator made a great intervention after the presentation on CIRs. She mentioned that there is only one place to get frequency (from the ITU) and this makes for a stable and reliable system of allocation. She noted that in order for such radical change in IPv6 allocation processes to be justified, there must be an ongoing market failure. Clearly the RIRs have not failed in this regard, as the ITU has not failed in spectrum allocation.

If the ITU continues to press this idea, perhaps we Internet users should demand competition in spectrum allocation as well!

By McTim, Internet policy and governance consultant
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Correction: NIRs in the APNIC region are NOT being phased out McTim  –  Mar 04, 2010 11:52 PM PDT

Apologies, I was under the impression that the APNIC community had decided not to create new NIRs.  I was mistaken about that.

Yes. India got theirs recently Suresh Ramasubramanian  –  Mar 05, 2010 6:39 AM PDT

And the Indian proposal for an NIR draws analogies to E164. Interesting reading I must say.

http://www.tec.gov.in/technology updates/study paper on Inernet_Registry.pdf

There's been a lot of support (from various Indian ISP CEOs typically, and ISOC Delhi <- how many members does that have?, and others). Only one struck me as being very impassioned, and valid.  From an old friend of mine GP Singh ..

http://mailman.apnic.net/mailing-lists/apnic-talk/archive/2009/11/msg00089.html

still a great deal of capacity building to do... McTim  –  Mar 06, 2010 4:42 AM PDT

Hi Suresh,

Reading the tec.gov.in document, it seems there is still some some confusion about how an NIR works in the APNIC region.

Perhaps it is an old document, but they seem to think they will get a /23 and make their own allocations.  According to the policy document: That is not quite the way it works.

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias