17th February 2020
CPM (new section)
1. Summary of the problem being addressed by this proposal
The AFRINIC RSA mandates members to comply with the AFRINIC policies developed via the PDP.
Section 4.c of the RSA states the irrevocable commitment of the member for using the services for the purpose for which it was requested and in full unreserved compliance with AFRINIC policies.
This is of key importance, because a member not following the policies may be impacted in the evaluation of future requests by AFRINIC, the revocation of the services or even the closure of the member (section 4.b.iii).
Just to be clear, “services” are defined in the RSA, under section 1.c, and those include number resources, among others. So, the impact for a member that is not following the PDP process and CPM changes, maybe of catastrophic business consequences.
The PDP is continuously updating the CPM, and it is obvious that some members may not be following, up to date, all the details and possible impact in their services/resources, while the RSA states that AFRINIC, at its own discretion, can investigate the use of the services.
Consequently, members should be protected against this situation, in a simple manner that allows them to know their up to date policy compliance, get alerts about the lack of compliance and consequently react to address those.
At the same time, the RSA doesn’t state a specific procedure to resolve the situation with members, and facilitate them the actual compliance, neither if they should get a specific time or opportunities to resolve the situation, in a fair way to all the members, instead of taking irreversible decisions at the first occasion of any policy violation.
There should be always equal opportunities for any member to correct mistakes before reaching a fatal point.
2. Summary of how this proposal addresses the problem
This proposal provides the framework for a “Policy Compliance Dashboard”, to be developed by AFRINIC, and incorporated to MyAFRINIC (and future members communications platforms).
This will allow periodically review of the policy compliance status of each member, as much automated as possible, so they can receive automated notifications of any issue. Warnings will be also sent to the staff, and only in cases of a continued and repeated lack of compliance, or severe violation of certain aspects of the CPM, AFRINIC will be able to take further actions according to the RSA.
Considering the exhaustion of IPv4, recovered/returned IPv4 resources are placed at the end of the actual pool. However, other resources are quarantined for a period of 2 years. This way, the staff can take measures to ensure that all the resources are as clean as possible, before being allocated/assigned again.
Adding a new section in the CPM, numbered as best fits according to the staff criteria, as follows:
|1. Policy Compliance||
AFRINIC services are provided to members under the umbrella of the RSA mandate, which in turn ask for compliance with policies.
Those policies are documented in the CPM, which is continuously updated by the PDP.
|2. Policy Compliance Dashboard||
AFRINIC “Policy Compliance Dashboard” shows to each member its status of policy compliance, collected by means of a periodical review, automated as much as possible. The dashboard will show all possible details to match the CPM and RSA, such as:
The dashboard automation will need to be accommodated along CPM evolves thru the PDP, in order to display new details.
The dashboard will automatically send notifications of the status of compliance to members, after each review or dashboard update.
Reminders will be periodically sent in case of any lack of compliance. In this case, warnings will be also sent to the staff.
|4. Lack of Compliance||
AFRINIC will be able to initiate a more exhaustive investigation and take further actions, according to the RSA, when there is evidence suggesting that there is a lack of compliance.
It will not be considered lack of compliance when the policy violation has been caused by a third party, without the knowledge of the member, and if it is evident that there is no collusion or negligence on its part.
|5. Service Withholding, Revocation or Member Closure||
Unauthorized transfers, lack of payment or document fraud, once confirmed, will be cause of the revocation of the services and member closure.
Repeated and/or continued policy violations once confirmed, may be cause of service withholding and resource revocation. Towards that, AFRINIC will take the following steps:
|6. Exceptionalities||When the revocation of resources involves essential strategic infrastructure that is necessary for the operation of the Internet in the region, or in exceptional situations such as natural disasters or political instability, the AFRINIC Board may extend the resource revocation period, with prior assessment by the Staff, once such an exceptional situation is detected.|
|7. Resource Return||
Resource recipients may return the resources to AFRINIC, in full or in part, at any time.
If all the resources are returned, all the other provisions specified in the RSA and Bylaws will apply.
|8. Resource Publication||AFRINIC will publicly list the resources that have been recovered or returned, so that routing filters can be adjusted.|
|9. Use of Recovered or Returned Resources||
IPv4 resources will be incorporated at the “end” of the pool in force at the time of the recovery or return, for use in the order in which they have been added to that pool.
The IPv6 and ASN resources will be incorporated into their respective pools, after 2 years of their recovery or return.
However, AFRINIC may use these resources differently, in the application of best practices, to optimize compliance with the provisions of section 2 of RFC7020. For example, if 16-bit ASNs are recovered or returned.
Similar policies or procedures, for the same/similar purposes, also exist in the other regions.
- APNIC: https://www.apnic.net/community/policy/resources#4.2.-Closure-and-recovery
- ARIN: https://www.arin.net/participate/policy/nrpm/#12-resource-review
- LACNIC: An equivalent proposal reached consensus (pending implementation): https://politicas.lacnic.net/politicas/detail/id/LAC-2019-9?language=en
- RIPE NCC: https://www.ripe.net/publications/docs/ripe-694 || https://www.ripe.net/publications/docs/ripe-716