AFRINIC Services Support: The 7 Frequently Asked Questions

Published On -
AFRINIC receives a variety of questions and enquiries for support. At the same time, some fall out of scope; however, we have narrowed down the frequently asked questions, mostly related to member account information, IP resources and billing-related queries.

This blog will look at the seven frequently asked questions, providing tips on how to solve them while ensuring that your interaction with AFRINIC is as quick and easy.

Let's explore these FAQs and see how you can quickly get a resolution.
  1. How to become an AFRINIC Member?
  2. What are my login details for the MyAFRINIC portal?
  3. Why am I getting authorization errors when creating objects on the AFRINIC WHOIS database?
  4. What is a Route object, and how to create it?
  5. How to create and add RPKI ROAs?
  6. Why does this website show incorrect location details of my IP resources?
  7. Does AFRINIC accept part payment of membership fees?

1. How to become an AFRINIC Member?

Becoming an AFRINIC resource member is a simple process that you can start right now with one click! However, before submitting your application, we encourage you to:

(a) Check your eligibility for resource membership to ensure that:

  • You are legally incorporated and providing services within the AFRINIC region.
  • You have a detailed IP plan for using IP number resources within the next eight months for IPv4 and 12 months for IPv6.
  •  Existence of network infrastructure in the AFRINIC region.
  • Have a valid service operator license in the country of operation. (If the service requires a license in that country).
  • Contract with an upstream service provider if you are the End-User.
    More eligibility information is available here.
(b) Understand the applicable policies to your resource request, such as:
More information can be found here.

If you have further questions about the membership application process, you can always contact our team at This email address is being protected from spambots. You need JavaScript enabled to view it.


2. What are my login details for the MyAFRINIC portal?

MyAFRINIC is a web-based portal designed for AFRINIC resource members to manage their IP number resources, contact information, billing records and track support requests, amongst other uses. In simple terms, MyAFRINIC is where resource members can manage their accounts.

To access your account, you will need your login details, including your nic-handle and password. Your nic-handle (NIC-HDL) is in the format XXN-AFRINIC (Refer to Figure 1).

Figure 1: Login on MyAFRINIC

What is a NIC-HDL?

It is a unique identifier representing a registered contact, with the format XXN-AFRINIC, where XX represents alphabetical characters, and N could be a single or combination of up to 5 digits. Hence, the NIC-HDL is your User ID to access the MyAFRINIC portal. It is good to note that registered contacts are granted access to the organisation's profile suitable to their contact type(s) using this NIC-HDL.

Access to MyAFRINIC is granted to registered contacts only. A registered contact may be one or more of the following contact types:
  • Admin-c: references to the site administrative contact.
  • Tech-c: technical contact with privileges to maintain resource usage records, enrol for services like IRR and rDNS.
  • Billing contact: Access is limited only to the organisation's dashboard and billing information (Invoices and statements of account).

How can a resource member create a NIC-HDL?

  • Potential contacts for resource members can either create their NIC-HDL via WHOIS by following the steps here. The details of the created HDLs have to be provided to AFRINIC when resource members are requesting contact updates.
  • Or, they may also provide us with their full name, address, telephone number and email address, and AFRINIC shall create one.
  • AFRINIC will verify the identity before account activation, and once verification is completed, a password will be automatically sent to the provided email address.
  • You can also change your password once your account is activated.
 

3. Why am I getting authorization errors when creating objects on the AFRINIC WHOIS database?

When you fail to provide the correct authentication information required to authorise the creation, deletion or update of an object, you will receive authorisation errors. In simple terms, you will get authorisation errors when you are not using the correct password.

Objects in the AFRINIC Database are protected using MNTNER (pronounced "maintainer") objects. The MNTNER is used to secure objects against unauthorised creation, updates or deletion in the AFRINIC WHOIS database and IRR.

Database objects under AFRINIC administrative control will contain AFRINIC-HM-MNT as the "mnt-by" values (Refer to Figure 2). The authorisation is limited to AFRINIC except for a few exceptional cases like adding routing policies to AS Number's AUT-NUM objects.
Figure 2: Object Template

To create and manage particular WHOIS child objects like the IRRs, route objects, reverse DNS domains, and IP resource usage registration, you will require your maintainer object to be referenced as one of the following applicable attribute:
  • mnt-lower
  • mnt-domain
  • mnt-route
  • managing objects
To authorise the above action, a MNTNER password is required. So, whenever you attempt to make changes (add/delete/edit) and encounter an “authorisation error, " you are not using the correct plain text password of your maintainer referenced under the object.

Due to the importance of the MNTNER password, AFRINIC ensures that the password is neither stored nor transmitted in clear text; hence if you need a MNTNER password reset.
  • Go to https://afrinic.net/whois/utilities#crypt
  • Input the new password you wish to use for the maintainer.
  • Click on "Generate hash".
  • Send us the encrypted hash that will be generated. We shall then use this to reset the password.
Once you receive confirmation from Hostmasters, you can use the plain text password to authenticate the creation of IRR objects, register resource usage, etc.

 

4. What is a Route object, and How to create it?

A route(6) is an object created in Internet Routing Registry to specify the Autonomous System Number "ASN" that will propagate a specific IP prefix to the Internet.

The AFRINIC Internet Routing Registry (IRR) is a database of routing policy information for networks both within and outside the AFRINIC region. This routing policy information is stored in the IRR database as defined by the Routing Policy Specification Language (RPSL) standard in RFC2622.

The AFRINIC IRR published routing information about Internet number resources allocated to its members and the respective BGP originating ASN.

The IRR contains announced routes and routing policy data in a standard format that network operators can use to configure their backbone routers. This makes network management in several ways, including;

  • Route filtering: Traffic may be filtered based on registered routes, preventing network problems caused by accidental or malicious routing announcements. Routing announcement filtering can be created between;
  • Peering networks: Peers agree to filter based on registered routes. If a peer's route is not registered, it will be filtered.
  • Provider and customer networks where the provider protects its network from accidental routing announcements by its customers. The customer must register its routes before the provider.
  • Network troubleshooting: A routing registry makes it easier to identify routing problems outside a network where WHOIS contacts associated with the source ASN can be used to resolve associated traffic problems.
  • Router configuration: Tools such as IRRToolset can create router configurations and can be further used to;
  • Suggest CIDR (Classless Inter-Domain Routing) aggregates,
  • Check aut-num WHOIS database objects and their routes,
  • Perform RPSL syntax checking on routing information registered in the IRR.

There are two options you can make use of to create your route objects:

(a) through MyAFRINIC portal
  • "Resource" -> "IRR"
  • Entering your prefix, the origin ASN
  • Then you will be required to provide the MNTNER object and its respective password to authorise the creation.
 


(b) The second option is through the https://whois.afrinic.net interface, following the steps below:
  • Go to whois.afrinic.net
  • Query the IP prefix (inetnum) on WHOIS
  • Get the mnt-lower/mnt-route value (It will be used as the mnt-by for your route object)
  • Identify the ASN you plan to/are using to announce the prefix
  • Select > create > route object
  • Build the route object as per the template below:
  • route: 192.0.2.0/24
  • descr: Route Object Example 1
  • origin: AS327800
  • mnt-by: EXAMPLE-MNT
  • changed: This email address is being protected from spambots. You need JavaScript enabled to view it. (your e-mail ID)
  • source: AFRINIC

More information can be found here. For further assistance, you can contact This email address is being protected from spambots. You need JavaScript enabled to view it. to get any IRR-related support.

5. How to create and add RPKI ROAs?

RPKI (Resource Public Key Infrastructure) lets the legitimate holder of a block of IP addresses make an authoritative statement about which AS Number is authorised to originate their IP prefix in the BGP. This is done by creating a cryptographically signed Route Origin Authorisation (ROA). A ROA contains three informational elements:

  • The AS Number that is authorised
  • The prefix that the AS Number shall originate
  • The Maximum Length of the prefix.
    • This specifies the maximum length of the IP address prefix (most specific prefix, up to /24 ) that the ASN is authorised to advertise. This gives the holder of the prefix control over the level of de-aggregation an ASN is allowed to do. 

In turn, other network operators can download and validate these statements to make routing decisions based on; and ensure that the BGP announcements are coming from the resource holder and that a route is valid. This process is referred to as Route Origin Validation (ROV).

Before accessing the RPKI web interface on MyAFRINIC, an admin-c or tech-c registered contact must either have an AFRINIC issued BPKI certificate or use 2 Factor Authentication.


A simple step-by-step guide to creating RPKI ROAs:

  1. On MyAFRINIC, go to "Resources."
  2. Then select "Resource Certification."
  3. Select Issue ROAs
    • Enter a unique ROA name
    • Select or input the originating ASN
    • Select the IPv4 Prefix
    • Click on the plus "+" icon for the ROA creation text fields
    • Enter your preferred Max Length (The most specific prefixes that may be originated from the AS)
  4. Select the IPv6 Prefix where applicable
    • Click on the plus "+" icon for the ROA creation text fields
    • Enter your preferred Max Length (The most specific IPv6 prefixes that may be originated from the AS)
  5. Select the ROA validity start date
  6. Select the ROA expiry date

6. Why does this website show incorrect location details of my IP resources?

IP geolocation is the mapping of an IP address to a geographic location, and geolocation service providers collect information from multiple sources, including Region Internet Registries' data, to offer their services.

However, AFRINIC does not provide geolocation services and has no formal or operational relationship with any geolocation provider. In case you find incorrect geolocation details for your IP address prefix, it is advisable to contact the particular geolocation service provider and request an update on the location of the prefix.

 

7. Does AFRINIC accept part payment of membership fees?

Part Payment is available for existing resource members only, which can be made either by:

(a) Credit Card via our members portal, MyAfrinic, as follows:
     i.  Log in
     ii. Place your cursor on billing and then click on pay bill online. 


iii. Then input the amount you are willing to pay in the field Amount to pay and click on Submit.

OR,
(b) through bank transfer (wire transfer).
AFRINIC will allocate the fund received to the invoice, which the member will quote as a reference when making the payment.
 

How can I help AFRINIC to process my enquiry without delay?

  • Check our FAQs for possible solutions.
  • Ensure you use the correct credentials, which are the NIC-HDL and password.
  • If your organisation is an existing resource Member, ensure you are a registered contact of AFRINIC, using the registered email ID in our database.
  • If you are not a registered contact, request an admin-c registered contact to introduce you. If registered contacts are unavailable, send us a request for contact update through a letter signed by a senior administrative officer on company letterhead.
  • Ensure your account does not have overdue fees per the billing timeline.

Let us know in the comments section below if you want further clarification on more commonly asked questions.

Otherwise, you can quickly contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. for assistance; we are always dedicated to helping.