Policy Archive

RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space (Draft 2) Archived

: Last Modified on - 03 December 2021

Details

RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space
ID:	AFPUB-2019-GEN-006-DRAFT02	Date Submitted:	30th July 2020
Author:	Frank Habicht geier at geier.ne.tz Tanzania ISP Association Mark Elkins mje at posix.co.za POSIX Jordi Palet Martinez jordi.palet at theipv6company.com The IPv6 Company Haitham El Nakhal Hytham at tra.gov.eg National Telecom Regulatory Authority (NTRA)	Version:	2.0
Obsoletes:		Amends:	New section

Proposal

1.0 Summary of the problem being addressed by this proposal

Address space managed by AFRINIC which has is either “Unallocated” or “Unassigned” is considered “Bogon address space”. As defined in RFC3871, A “Bogon” (plural: “bogons”) is a packet with an IP source address in an address block not yet allocated by IANA or the RIRs as well as all addresses reserved for private or special use by RFCs.

The purpose of creating RPKI ROAs with Origin AS0 for AFRINIC’s unallocated and unassigned address space is to restrict the propagation of BGP announcements covering such bogon space. When AFRINIC issues a ROA with AS0 for unallocated address space under AFRINIC’s administration, BGP announcements covering this space will be marked as Invalid by networks doing RPKI based BGP Origin Validation using AFRINIC’s TAL.

2.0 Summary of how this proposal addresses the problem

This proposal instructs AFRINIC to create ROAs for all unallocated and unassigned address space under its control. This will enable networks performing RPKI-based BGP Origin Validation to easily reject all the bogon announcements covering resources managed by AFRINIC.

Currently, in the absence of any ROA, these bogons are marked as NotFound. Since many operators have implemented ROV and either planning or already discarding Invalid, then all the AS0 ROAs which AFRINIC will create for unallocated address space will be discarded as well.

The process for ROA validity periods and release of ROAs before assignment/allocation by AFRINIC is left for AFRINIC staff to define in internal procedures.

It is suggested that, if this policy is adopted, it is placed as a new section at the end of the CPM. This editorial modification can be done by the staff, renumbering/reordering any relevant sections, even adjusting titles/subtitles for the new section to better match the adopted text.

3. Proposal

New CPM section as follows:

Current

Proposed

1 RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space

AFRINIC will create ROAs with origin AS0 for all the unallocated and unassigned address space (IPv4 and IPv6) for which it is the current administrator. Any resource holder can create AS0 (zero) ROAs for the resources they have under their account/administration.

An RPKI ROA is a positive attestation that a prefix holder has authorized an Autonomous System to originate a route for this prefix to the global BGP routing table. An RPKI ROA for the same prefixes with AS0 (zero) origin shows a negative intent from the resource holder to have the prefixes advertised in the global BGP routing table.

Only AFRINIC has the authority to create RPKI ROAs for address space not yet allocated or assigned to its members.

If AFRINIC wants to allocate address space to one of its members, the RPKI ROA or ROAs with origin AS0 will have to be revoked beforehand.

Address space can only be allocated once the ROA or ROAs with origin AS0 have been fully removed and are not visible in the repositories.

The AS0 ROAs could be under a distinct Trust Anchor Locator (TAL), so it becomes an opt-in service and provides separate measurements, at least in the initial deployment phases. This and other operational details are left to the discretion of AFRINIC.

4.0 References

An equivalent proposal has already reached consensus in APNIC and LACNIC.

AFRINIC Policy Impact Assessment

AFRINIC STAFF ASSESSMENT

Date of Assessment	Relevant to Proposal
18 Aug 2020	AFPUB-2019-GEN-006-DRAFT02

1.0 Staff Interpretation & Understanding of the proposal

This proposal requires AFRINIC to create ROAs with origin AS0 for all its unallocated and unassigned IPv4 and IPv6 address space that it currently administers. unallocated and unassigned space here means available and reserved space as per the AFRINIC extended delegated stats file.
New prefixes received from IANA/PTI would immediately have AS0 ROA's.
Any prefixes returned by or reclaimed from members will also have AS0 ROAs
When AFRINIC allocates address space to one of its Resource Members, the RPKI ROA or ROAs with origin AS0 covering the space will first have to be revoked AND not be visible in the repositories, before the allocation/assignment can happen.
The process for ROA validity periods and release of ROAs before assignment/allocation by AFRINIC is left for AFRINIC staff to define in internal procedures.
The AS0 ROAs could be under a distinct Trust Anchor Locator (TAL), so it becomes an opt-in service and provides separate measurements, at least in the initial deployment phases.
The validity period for these ROAs shall be 10 years (as it currently is for all ROAs) unless a specific validity period is specified by the policy proposal authors.

Impact on members

A resource member can create AS0 (zero) ROAs for the resources (e.g IXPs peering prefixes) they have under their account/administration for resources that they do not intend to announce.

Resource Members need to ensure that they do not create AS0 ROAs for resources that are required to be announced as per the Consolidated Policy Manual.

2.0 AFRINIC Staff Comments on the clarity of policy

None

3.0 AFRINIC Staff Clarification Requests

What will be the validity period of these AS0 ROAs? 10 years?

4.0 Staff Comments On Areas of Impact

Impact on Registry Functions

An upgrade of the AFRINIC inventory management system will be required in order to implement this policy
Automation of the creation of AS0 ROAs for resources currently unallocated in its inventory as well as incoming resources (either from resource reclamation, returns or replenishment of its pool from IANA/PTI)
Adjustments of resource issuance process as well as timeframes to ensure that ROAs are revoked and that the revoked ROAsare removed from the validators repositories before the resources are issued. (James Chirwa to provide the time that this currently takes).
An update on AFRINIC systems interfaces & internal controls used for resource & transfer management will be required
Improve overall monitoring to ensure that members do not consistently create ROAs with AS0 with the prefixes they need to announce in compliance with the policies under which they received these resources.
Existing policies implemented or undergoing implementation will be put into consideration so that a check is run to determine which prefixes' usage does not require an announcement in global routing
Member documentation for ROAs management shall be updated

Impact on RPKI

On the RPKI side, 3 options have been scoped notably,

Use the existing AFRINIC RPKI Tree
Additional Production certificate (0/0) for unallocated space only
New Trust Anchor with a single Production Certificate

AFRINIC recommends option C because it then becomes an opt-in service and does not pollute the current RPKI.

Legal Assessment

No comments

5.0 Implementation Timeline

The policy can be implemented as written within 6 months from the Last Call.

Simple PDP Update for the new “Normal” (Draft-1) | Expired

: Last Modified on - 21 September 2021

Details

Simple PDP Update for the new “Normal”
ID:	AFPUB-2020-GEN-003-DRAFT01	Date Submitted:	7 August 2020
Author:	Jordi Palet Martinez jordi.palet at theipv6company.com The IPv6 Company	Version:	1.0
Status:	Expired	Amends:	CPM art 3.0

Proposal

1. Summary of the problem being addressed by this proposal

The Policy Development Working Group (PDWG) discusses the policy proposals and anyone may participate either in the Resource Policy Discussion mailing list (RPD) and the bi-annual Public Policy Meetings (PPM).

However, not all RPD participants are able to attend all the PPM, where the Chairs determine whether rough consensus has been achieved, so discrimination could be generated towards those not able to attend, which usually are a much larger group, following the current PDP text (The Chair(s) determine(s) whether rough consensus has been achieved during the Public Policy Meeting).

With its requirement of face-to-face participation at the PPM, the current PDP might – at least partially – be the cause of the low levels of community participation in the process.

This proposal would simplify the process by not requiring participation at the in-person PPM to achieve consensus – instead, consensus would be determined balancing the mailing list and the forum – and would, therefore, increase community participation.

Further to that, considering the pandemic situation and that this may be extended in the time or something similar may happen again in the future, it is made clear that the PPMs can be on-line only Other PPMs (on-line only) could be organized to split the workload.

The proposal adapts all the timings consequently with the proposed changes, in order to make the process agile, and allow new proposals in a shorter period of time before the meeting (2 weeks). In summary, it requires that the discussion in the mailing list is done by a minimum of 8 weeks, before determining consensus. That time can longer because of the need to present the proposal into a meeting.

So, there are three possible cases:

A proposal (or a new version) is submitted 8 weeks (or a longer period) before the PPM. Consensus will be determined by the chairs within a maximum of two weeks.
A proposal (or a new version) is submitted less than 8 weeks before the PPM.
Consensus will be determined by the chairs within a maximum of two weeks, once the 8 weeks of discussion time in the list ends.
A new version of an existing proposal that has been already presented in a previous PPM, could reach consensus on the list, without the need for a new presentation. This possibility depends on the co-chair's decision, for example, when the reasons for not having reached consensus in the last PPM may have been already addressed by a new version. This new version must have been discussed in the list also during 8 weeks.

The minutes' timing is also adapted, as it seems unnecessary to wait for 3 weeks if the consensus determination will be made in 2 weeks.

2. Summary of how this proposal addresses the problem

This simple proposal seeks to eliminate the requirement that states that consensus must only be reached at the PPM, adapt the relevant timings, and at the same time, clarifies the definition of “consensus” and “last call”.

Some of the timings are also adjusted.

3. Proposal

3.1 Amending Section 3.0 of the CPM, as follows:

Current

Proposed

3.3 The Policy Development Working Group (PDWG)

The Policy Development Working Group (PDWG) discusses the proposals. Anyone may participate via the Internet or in person. PDWG work is carried out through the Resource Policy Discussion mailing list (rpd@afrinic.net) and the bi-annual AFRINIC Public Policy Meetings (PPM). Any person, participating either in person or remotely, is considered to be part of the Policy Development Working Group.

3.3 The Policy Development Working Group (PDWG)

The Policy Development Working Group (PDWG) discusses the proposals. Anyone may participate via the Internet or in person. PDWG work is carried out through the Resource Policy Discussion (RPD) mailing list (rpd@afrinic.net) and the AFRINIC Public Policy Meetings (PPM). Any person, participating either in person or remotely, is considered to be part of the PDWG.

At least 2 PPM will be held per calendar year, which might be on-line only. More PPM could be held online only, in order to split the workload across the year, having shorter PPM sessions, facilitating the PDWG to concentrate in a smaller number of proposals.

3.1.1 Definition of “Rough Consensus”

Achieving “rough consensus” does not mean that proposals are voted for and against, nor that the number of “yes's”, “no's” and “abstentions” – or even participants – are counted, but that the proposal has been discussed not only by its author(s) but also by other members of the community, regardless of their number, and that, after a period of discussion, all critical technical objections have been resolved.

In general, this might coincide with a majority of members of the community in favour of the proposal, and with those who are against the proposal basing their objections on technical reasons as opposed to “subjective” reasons. In other words, low participation or participants who disagree for reasons that are not openly explained should not be considered a lack of consensus.

Objections should not be measured by their number, but instead by their nature and quality within the context of a given proposal. For example, a member of the community whose opinion is against a proposal might receive many “emails” of support, yet the Chairs might consider that the opinion has already been addressed and technically refuted during the debate; in this case, the Chairs would ignore those expressions of support against the proposal.

For information purposes, the definition of “consensus” used by the RIRs and the IETF is actually that of “rough consensus”, which allows better clarifying the goal in this context, given that “consensus” (Latin for agreement) might be interpreted as “agreed by al”’ (unanimity).

More specifically, RFC7282, explains that “Rough consensus is achieved when all issues are addressed, but not necessarily accommodated.”

Consequently, the use of “consensus” in the PDP, must be interpreted as “rough consensus”.

3.4.1 Draft Policy Proposal

During the development of policy, draft versions of the document are made available for review and comment by publishing them on the AFRINIC website and posting them to the rpd@afrinic.net mailing list. Each draft policy is assigned a unique identifier by AFRINIC and the AFRINIC website shall also contain the version history and the status of all proposals.

The draft policy shall be available for review for at least four weeks before the next Public Policy Meeting. The author(s) shall make the necessary changes to the draft policy according to the feedback received. The Working Group Chair(s) may request AFRINIC to provide an analysis (technical, financial, legal, or other), of the impact of the draft policy proposal.

A draft policy expires after one calendar year unless it is approved by the AFRINIC Board of Directors as a policy. The timeout period is restarted when the draft policy is replaced by a more recent version of the proposal. A draft policy can be withdrawn by the author(s) by sending a notification to the Resource Policy Discussion mailing list.

3.4.1 Draft Policy Proposal and Discussion Timing

During the development of policy, draft versions of the document are made available for discussion by publishing them on the AFRINIC website and posting them to the rpd@afrinic.net list. Each Draft Policy Proposal (DPP) is assigned a unique identifier by AFRINIC and the AFRINIC website shall also contain the version history and the status of all proposals.

For every DPP/version, AFRINIC must publish an impact analysis (IA) in a maximum of 4 weeks and at least 1 week before the PPM. When a complete IA is not possible within that time frame, it should be duly justified in the RPD list and at least a draft version shall be available.

The DPP shall be available for discussion for at least 2 weeks before the next PPM.

The author(s) shall make the necessary changes to the DPP according to the feedback received.

A DPP expires after 6 months unless it is ratified by the AFRINIC Board of Directors as a policy. The timeout period is restarted when the DPP is replaced by a new version.

A DPP can be withdrawn by the author(s) by sending a notification to the RPD List.

Any DPP must be discussed on the RPD List a minimum of 8 weeks and maximum, the period of time required so it can be presented in the PPM. Consensus for a DPP can be determined only once it has been presented and discussed in the PPM.

However, if a DPP has been already presented in a PPM, under the request of the author(s), the Chairs could decide that a new presentation is not needed if consensus could already be achieved in the RPD List. However, the 8 weeks discussion period in the RPD List is still required.

3.4.2 Public Policy Meeting

The draft policy is placed on the agenda of an open public policy meeting. The agenda of the meeting shall be announced on the Resource Policy Discussion mailing list at least two weeks prior to the meeting. No change can be made to a draft policy within one week of the meeting. This is so that a stable version of the draft policy can be considered at the meeting. The Chair(s) determine(s) whether rough consensus has been achieved during the Public Policy Meeting.

The Chair(s) shall publish the minutes of proceedings of the Public Policy Meeting not later than three weeks after the meeting.

3.4.2 Public Policy Meeting and Consensus Determination

Any new DPP must be placed on the agenda of a PPM. The agenda of the meeting shall be announced on the RPD List at least 1 week prior to the meeting. No change can be made to a DPP within 1 week of the meeting. This is so that a stable version of the DPP can be considered at the meeting.

Once the minimum 8 weeks of discussion in the list and a presentation at the PPM (for never presented DPPs) are met, the Chairs have a maximum of 2 weeks to determine whether rough consensus has been achieved (considering both list and meeting).

The Chairs shall publish the minutes of proceedings of the PPM not later than 2 weeks after the meeting.

For every DPP/version that doesn't reach consensus, the Chairs should clearly state the reasons, in order for the authors to be able to work in an improved version.

3.4.3 Last Call

A final review of the draft policy is initiated by the Working Group Chair(s) by sending an announcement to the Resource Policy Discussion mailing list. The Last Call period shall be at least two weeks. The Working Group Chair(s) shall evaluate the feedback received during the Public Policy Meeting during this period and decide whether consensus has been achieved.

3.4.3 Last Call

A final discussion of the DPP is initiated by the Working Group Chairs by sending an announcement to the RPD List. The Last Call period shall be 2 weeks.

Within 1 week after the end of the last call, the Working Group Chairs shall confirm whether consensus is maintained.

The purpose of the “last call” is to provide the community with a brief and final opportunity to comment on the DPP, especially those who didn’t earlier. Consequently, during this period editorial comments may be submitted and, exceptionally, objections if any aspect is discovered that was not considered in the discussion prior to determining consensus. Any new objections must also be substantiated and must therefore not be based on opinions lacking a technical justification.

4. References

A similar proposal reached consensus in LACNIC (May 2018), has been implemented and has been used already for several years. This version offers improved details considering the previous experience and the Covid-19 situation.

AFRINIC Policy Impact Assessment

AFRINIC Staff Assessment

Date of Assessment	Relevant to Proposal
31 Aug 2020	AFPUB-2020-GEN-003-DRAFT01

1. Staff Interpretation & Understanding of the proposal

The proposal amends Section 3.3 of the Consolidated Policy Manual to bring the following changes:-

Allow more Public Policy Meetings in online mode in a year
Clarification on 'rough consensus'
Making Impact Analysis mandatory & defining the timeline for it to be published
Amends the expiry of draft policy proposals from 12 months to 6 months
A draft policy proposal that was presented at a PPM & not reached consensus may not be presented again at the next PPM. Co-chairs can determine consensus based on the discussions on the rpd mailing list, provided the policy proposal has been under discussion for 8 weeks on the list

Impact on members

None

2. AFRINIC Staff Comments on the clarity of policy

None

3.0 AFRINIC Staff Clarification Requests

Section 3.3 mentions "At least 2 PPM will be held per calendar year,". The bylaws' Section 11.2 states:- The Board shall call a Public Policy Meeting at least once a year as per requirements defined in the Policy Development Process. Alignment with the Bylaws is recommended.
Section 3.4.1 mentions "For every DPP/version, AFRINIC must publish an impact analysis (IA) in a maximum of 4 weeks and at least 1 week before the PPM." We request clarification in regard if it means 4 weeks from the date AFRINIC receives the DPP/version.
Section 3.4.1 mentions "Any new DPP must be placed on the agenda of a PPM." Please clarify that 'new DPP' can be a new proposal or an update of an existing DPP under discussion based on the community's feedback

4.0 Staff Comments On Areas of Impact

Impact on Registry Functions

None

Impact on Member Services Operations

None

Summary

The policy if reaches a consensus as written will be in contradiction of the bylaws in terms of the number of PPMs held by AFRINIC per year.

Policy Proposal

RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space (Draft 2) Archived

Details

Proposal

1.0 Summary of the problem being addressed by this proposal

2.0 Summary of how this proposal addresses the problem

3. Proposal

4.0 References

Revision History

Revision History

AFRINIC Policy Impact Assessment

AFRINIC STAFF ASSESSMENT

1.0 Staff Interpretation & Understanding of the proposal

Impact on members

2.0 AFRINIC Staff Comments on the clarity of policy

3.0 AFRINIC Staff Clarification Requests

4.0 Staff Comments On Areas of Impact

5.0 Implementation Timeline

Simple PDP Update for the new “Normal” (Draft-1) | Expired

Details

Proposal

1. Summary of the problem being addressed by this proposal

2. Summary of how this proposal addresses the problem

3. Proposal

3.1 Amending Section 3.0 of the CPM, as follows:

4. References

Revision History

Revision History

AFRINIC Policy Impact Assessment

AFRINIC Staff Assessment

1. Staff Interpretation & Understanding of the proposal

2. AFRINIC Staff Comments on the clarity of policy

3.0 AFRINIC Staff Clarification Requests

4.0 Staff Comments On Areas of Impact