Info! Please note that this translation has been provided at best effort, for your convenience. The English page remains the official version.
Unintended consequences of submarine cable deployment on Internet routing

 

 

sacs 1Co-authored by CAIDA’s Roderick Fanou, Postdoctoral Scholar; Ricky Mok, Assistant Research Scientist; Bradley Huffaker, Technical Manager; and Kc Claffy, Founder and Director.

The underlying physical infrastructure of the Internet includes a mesh of submarine cables, generally shared by network operators who purchase capacity from the cable owners.

As of late 2020, over 400 submarine cables interconnected continents worldwide and constituted the oceanic backbone of the Internet. Although they carry more than 99% of international traffic, little academic research has occurred to isolate end-to-end performance changes induced by their launch.

It is generally assumed that the deployment of undersea cables improves performance, at least for economies around the cable. But by how much, and what happens to traffic from and towards neighbouring economies?

To study this, we looked at the South Atlantic Cable System (SACS), which was launched in mid-September, 2018. It was the first transatlantic cable traversing the southern hemisphere and provided an ideal opportunity to examine what happened to traffic between different Internet regions pre and post-launch.

sacs 2Figure 1 – This image shows the Angola Cables Network, which includes the SACS cable. The cable stretches for 6,165km and has a capacity of 40Tbps and 4 fibre pairs (Source: Angola Cables)SACS connects Angola in Africa to Brazil in South America. In our paper, ‘Unintended consequences: Effects of submarine cable deployment on Internet routing‘, we shed empirical light on how it affected traffic patterns, by investigating the operational impact of SACS on Internet routing. Last year, we presented our results at the Passive and Active Measurement Conference (PAM) 2020, where it was awarded ‘best paper’.

Here, we summarize the contributions of our study, including our methodology, and some findings.

 

How did we measure the change in performance?

Our methodology quantifies the end-to-end communication performance changes from a new submarine cable deployment on Internet paths.

Our approach relies on existing subsea maps/databases and public measurement infrastructures.

Our method has four steps:

  1. Collect candidate IP paths that could have crossed the cable
  2. Identify router IP interfaces on both sides of the cable based on those candidate IP paths
  3. Search for corresponding paths (between same endpoint pairs) in historical traceroute datasets
  4. Annotate collected paths with the necessary information for analysis such as hostnames, ASes, IP geolocations, and round-trip time (RTTs) differences between consecutive hops

 

Collecting candidate IP paths

Identifying which Internet paths are passing through a newly deployed cable is quite challenging. To accurately identify IPs on both sides of the cable, we need samples of IP paths crossing it in both directions, which we can obtain by running measurements after the cable launch.

Our first step involves executing, in both directions, traceroutes between vantage points (VPs) located within two networks, denoted AS1 and AS2, that are topologically close to the respective ends of the cable.

From this, we get candidate IP paths containing IP addresses of routers traversed by packets from AS1 to AS2 or vice-versa via the cable as well as the round-trip times (RTTs) from the respective source IP addresses to each of them. We selected the networks hosting vantage points (VPs) as well as the active VPs within those networks, using existing measurement platforms (CAIDA Ark and RIPE Atlas) and publicly available sea cable databases/maps.

 

Identifying router interfaces at both ends of the cable

Using the speed of light constraint and the known length of the cable, we were able to deduce the minimum RTT to cross the cable. This gave us a threshold that we could use to narrow down the candidate IP paths, finding matching traceroutes containing RTT bumps greater or equal to the inferred minimum threshold.

We looked for cases where the locations of those IP interfaces, according to geolocation databases Netacuity and Maxmind, match the countries linked by the new subsea cable. Then, we inferred matching pairs of potential IPs on each side of the cable and looked for router aliases of those IPs.

 

Searching for corresponding paths in historical traceroute datasets

Using existing measurement platforms RIPE Atlas and CAIDA Ark, we looked for historical traceroutes containing any of the identified pairs separated by an RTT bump, greater or equal to the minimum threshold needed to cross the studied cable. We then grouped them into two sets, depending on whether they were run pre or post-cable launch.

 

Annotating collected paths with the necessary information for analysis

We annotated these IP paths with hostnames, ASes, locations, and RTT differences between consecutive hops.

Finally, we used three metrics to evaluate end-to-end performance and AS paths, before and after the cable launch:

  • The RTTs to the common IP hops closest to the traceroute destinations determines the time that packets took to travel from a source interface to a common IP close to a given destination network, measured before and after the cable launch
  • The AS-centrality of transit ASes represents the percentage of paths for which an AS played a role in transit
  • The length of AS paths crossing the studied cable operator’s network post-event, which we compared to the length of the AS paths serving the corresponding source IP destination prefixes, pre-event

 

So what did we discover?

 

Comparing RTTs before and after SACS

We started our analysis by comparing RTTs before and after SACS deployment. For the same source VP and destination prefix, we built a set of common IP hops in the traces before and after SACS, and selected the IP closest to the destination as a point of comparison.

Using the RTTs from VPs toward IP hops from the traces pre and post-SACS, we plotted the box plots of Figure 2, clustering RTTs by continent and measurement platform.

sacs 3Figure 2 – Box plots of minimum RTTs from Ark and Atlas VPs to the common IP hops closest to the destination IPs. The red line of every box plot represents the median of these minimum RTTs; we marked the 75th and 25th percentile as well as the interquartile range (IQR).

 

What was the impact of SACS on latency?

Although the median latency across the whole dataset for paths crossing SACS post-launch did not change much (median RTT drops of 2-3ms); this hides significant decreases and increases in latency across paths from/to specific regions.

Interestingly, paths from South America experienced a median latency decrease of 38%, which was quite significant compared to paths from Oceania-Australia (8% decrease), and those from Africa (3%).

At the economic level, we found predictable performance improvements (RTT decrease) for paths going from Africa to Brazil, or from South America to Angola. However, we found an asymmetrical RTT reduction; the decrease of the median RTT from Africa to Brazil (73ms) was a third of that from South America to Angola (226ms). We also noted some unpredicted and unreported performance degradations. For example, we saw packets sub-optimally routed through SACS for paths going from North America to Brazil or Africa/Europe to Angola, leading to latency increases.

 

Comparing Transit Structure

We provide an in-depth inspection of the transit structure pre and post-SACS, an analysis of the impact on AS path lengths, and a validation of our results in the paper.

 

What are the contributions and key findings of this study?

In summary, the key contributions of this study can be listed as follows:

  • We introduced a reproducible method to investigate the impact of a cable deployment on macroscopic Internet topology and performance
  • We applied our methodology to the case of SACS, the first trans-Atlantic cable from South America to Africa
  • We discovered that the RTT decrease for IP paths going from Africa to Brazil was roughly a third of that noticed on paths from South America to Angola
  • Further, we discovered surprising performance degradations to/from some regions and analyzed the root-causes of these unintended consequences

From the findings of this paper, we suggest that to avoid suboptimal routing post-activation of cables in the future, ASes could inform BGP neighbours to allow time for changes, ensure optimal iBGP configurations post-activation, and use measurement platforms to verify path optimality.

Our code and data are published to facilitate reproducibility. This codebase can be extended to other cable use-cases.

 

 

This blog post has been republished from https://blog.apnic.net/2021/02/22/unintended-consequences-of-submarine-cable-deployment-on-internet-routing published in February 22, 2021. 

 

 


  

About the author

r fanou 1
Roderick Fanou 

After obtaining his PhD in Telematics Engineering from IMDEA Networks Institute and Universidad Carlos III de Madrid, Spain in 2017, Roderick Fanou, joined CAIDA (University of California, San Diego), US in March 2018, where he worked as a Postdoctoral Scholar till March 2021. During his stay, he contributed to the MANIC and PANDA projects alongside Amogh Dhamdhere (in 2018) and Kc Claffy. His research activities involved assisting with the design and development of new applications as well as the integration of existing codebases that measure interdomain congestion, topology, and performance, for enabling large-scale scientific projects.

The study presented by this post is one of the outcomes of his collaboration with the CAIDA team.  

 

 

PeeringDB Satisfaction Survey

 

pdb logo rect colouredLast November we asked you for input through our anonymous satisfaction survey, so we could use it to guide our product roadmap for 2021. Today, we are sharing what you told us through the survey and how we’ll be improving PeeringDB and your experience of it in 2021.

We had over 200 responses to the survey. Respondents identified themselves as connected with organizations operating on every continent and in every part of our industry. 99% of respondents described themselves as very or somewhat satisfied with PeeringDB overall.

When we asked about specific service categories, we were told that Network Configuration Data and Search and Discovery capabilities were the most important. These service categories had lower, though still high, levels of satisfaction, with 95% and 96% of respondents describing themselves as very or somewhat satisfied with these aspects of PeeringDB.

Although we saw higher satisfaction with the User Experience and Web Interface, at 97%, this service category both had the most responses and the most divided feedback. One user described the current web interface as “clean and simple” while others said it was “showing its age.”

Documentation quality was also an area with lower specific satisfaction, at 93%. One comment homed in on a key problem, noting: "Needs a top-level overview document/intro. Or if it exists, I need to find it."

 

We have used your feedback to guide our product roadmap for 2021. The four key focus areas will be:

  • Improving geographic search
  • Developing a structured framework for user documentation
  • Improving the web site’s responsiveness
  • Introducing a communications framework to alert users to developments and support future tooling

Our first steps to accomplish this have been to add database support for coordinates of facilities. All new facilities will be located by their latitude and longitude, with street addresses as human-friendly search terms instead of authoritative data. This is a major project and we will share more on this work in a future blog post.

Another key change is the publication of our first HOWTO document. This document is designed to help new networks register with PeeringDB using our website. We will be publishing more documents in this series and developing a broader documentation framework to support API and web users equally.

If you have an idea to improve PeeringDB you can share it on our low traffic mailing lists or create an issue directly on GitHub. If you find a data quality issue, please let us know at This email address is being protected from spambots. You need JavaScript enabled to view it.

 


 

About Peering DB

PeeringDB is a freely available, user-maintained, database of networks, and the go-to location for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centres, and other interconnection facilities, and is the first step in making interconnection decisions.

  

About the Author

 

leo vLeo Vegoda is developing PeeringDB’s product roadmap. He was previously responsible for organizational planning and improvement in ICANN’s Office of the COO, and Internet Number Resources in the IANA department, as well as running Registration Services at the RIPE NCC.

 

 

 

 

Summary of the AFRINIC Community Consultative webinar on the topic “Public persecution and Constructive criticism on AFRINIC mailing lists’’ that took place on Thursday 4 March 2021.

AFRINIC organised a consultative webinar on Thursday 4 March 2021 on the topic "Public persecution and Constructive criticism on AFRINIC mailing lists".

The main objectives of the webinar were to:

  • Listen to concerns on the AFRINIC mailing lists
  • Share some of our concerns on the virulence of exchanges on AFRINIC Mailing lists
  • Discuss ways to adopt good practices on the AFRINIC mailing lists

 Arthur Cardinal, Head of Stakeholder Engagement at AFRINIC introduced the session by providing the “house rules” of the session. Mr Eddy Kayihura, the Chief Executive Officer of AFRINIC followed with a speech drawing the lines between the two concepts in the title of the session ‘’Public persecution and Constructive criticism’ highlighting that the AFRINICmailing list sometimes contains language that amounts to persecution.

Mr Kayihura traced the growth of AFRINIC since 2003 amidst the expansion of the digital space in Africa highlighting his personal experience when he first joined the AFRINIC Mailing lists explaining that the diversity of the African membership and community is our wealth and we should all strive to keep it alive and healthy.

“The AFRINIC mailing lists are an important avenue for policy building and continuous dialogue. Through our mailing list, we can engage in open, respectful discussion, on matters of importance to the African Internet community and people” said Mr Kayihura. In conclusion, he recalled to his audience that collectively it is our duty to create a conducive space for the newcomers who are joining our platform and that there is a lot to achieve with our community in our region and for our continent.

Next on the agenda was Mr Ashil Oogarah, the AFRINIC Communications Team Lead who spoke on the concern of AFRINIC on the virulence of some exchanges on the mailing list. Mr Oogarah explained the potential consequences of such actions and the need for the AFRINIC community to balance their freedom of expression with the rights of others. As a corporate citizen, and responsible RIR, AFRINIC has an obligation to ensure that content appearing on its platform is not unlawful.

Mr Kayihura then invited the community for the Questions and Answers session which was quite interactive on the following questions.

 

What do you think AFRINIC should or should not do that would help maintain constructive discussions on our mailing lists?

The following points were highlighted during the discussions:

  • AFRINIC needs to train the community or do more in terms of outreach, publishing of documents to enforce the code of conduct.
  • It is fine to comment on people's ideas respectfully without attacking the person. We need to find a way to foster an environment where ‘’the ideas get attacked and not the people’’.
  • Community member verification on the mailing lists not rigorous enough.
  • It is difficult to establish a set of criteria for an open community that cannot be an exclusive community.
  • It was highlighted that AFRINIC encourages an open environment.
  • The community was invited to comment on the new Terms of Use for mailing lists.

 

How should AFRINIC deal with archives posts that potentially represent a legal risk for the organisation?

The following points were highlighted during the discussions.

  • An archive should be an immutable record of the mailing list. There is a legal risk when "it comes not from the archive content, but from the original post".
  • Posts that were marked as unacceptable or against the code of conduct, removing the original content of the post or altering it is an attempt to revise history.
  • Even though we have an aspect of record keeping and history there is an aspect of risk even though there is a section that states that each person is going to take responsibility for their comment or post on a mailing list in the new Terms of Use.
  • There is some global consensus across the Internet that deleting archives is a very serious thing.
  • If there is an archive or certain content on a website that is published, it could potentially have a legal risk to the organisation which publishes it.
  • A question was posed on whether there was a way to put archives somewhere else and contents that contain child pornographic or terrorist information must be deleted in any consequences.
  • Archives should be preserved except for certain content that can’t be preserved for legal reasons.
  • Deleting archives is similar to censorship. Even in extreme cases such as terrorism or child pornography, there needs to be a court order. If AFRINIC notices that contents may be illegal it should ask the authorities to confirm if archives should be removed. There must be a way that AFRINIC can protect itself such that it is just seen as not being responsible for the posting and acting as a record keeper. The jurisdiction where the postings have been made can also be an issue.
  • A proposal for putting the archive on a different domain was highlighted in addition to the importance to bring sanity to our mailing list.
  • AFRINIC should go back and review its code of conduct and platform.
  • The issue of civil responsibility versus criminal offence was addressed. The importance and role of free speech and civil responsibility versus the lack of action from the authorities for a criminal offence were also highlighted.
  • We don't have the right to attack anyone, naming them, but the right to privacy applies to everyone, hence the need to comment responsibly was highlighted.
  • There was another support for not deleting archives. However, based on points he has listened to about child porn and terrorism, his views shifted a little. If we are going to agree to delete archives, ‘’are we going to set strict rules that will be followed on what can be deleted and how it should be deleted?’’
  • A personal story of an interaction with the AFRINIC mailing list was shared when someone joined the AFRINIC community years ago, it really helped him to fit in because there was nothing about deleting archives, but when these archives are edited and they are no longer the original content, a new user coming in will not have the actual representation of what is happening in AFRINIC and that affects the person standing.
  • Encourage anonymous participation because it covers the legitimate rights of individual participants. Still, anonymous participation *must* not be an acceptable mean to bypass the CoC or any well defined AUP.
  •  Anonymous participation rights *must* not include the right to participate in any selection process to vote in any election.  Because any rightful voter must be identified to be able to vote; so that the 'one man; one vote' principle could be applicable. 
  • A mailing list archive is a special tool which *should* be preserved first hand. Therefore there are very few things/use cases for which it *should* be envisaged to *redact* part of the clearly identified *offending* content (such as a URL locating a dangerous attached file unexpectedly passed on the list; text or link to porn materials or any URL assessed as dangerous inside a spammy email, or materials unexpectedly shared on the list.
  • No reference to any email should be removed to a mailing list archive, but exceptionally, if there is a really dangerous email that has unexpectedly found its way to appear on a mailing list archive; some direct appropriate actions should be taken as early as possible. Such actions could include a partial modification of the proven *offending* URL or attached file.
  • We should engage in other actions to foster community participation: about ensuring a minimum of coherence between all the ToRs or Guidelines of the different committees, not including the PDWG's ones. 
  • A comment about the situation where various AFRINIC staff names were mentioned on the mailing list and nothing has been done so far with respect to this. AFRINIC is not there to remove historical information, but there is a need to review the process for mailing lists.
  • People are using anonymity in the wrong way on our mailing lists and AFRINIC has had anonymous postings. "If these get deleted, another one comes, then we have a deeper problem." Our system is based on argument and consensus. "Arguments need to be read in a way people agree with you. One argument may be better than 1000 sock puppets arguments In discussing policies, anonymously is not a problem. We can allow people to post anonymously but their ID should be verified by staff at AFRINIC."
  • There was a proposal to moderate anonymous posters.
  • There was a suggestion to improve the Code of conduct with respect to anonymous posting.
  • People or organisations have been attacked on the mailing list. This is not an adequate situation with regard to the reputation of such organisations.

 

Closing remarks

In his closing remarks, Mr Kayihura thanked all the participants and highlighted that AFRINIC is working towards getting to a point where it is safe to communicate and welcome more people to our mailing lists. He also added that during the AFRINIC strategic meeting last year, it was assessed that the engagement level with AFRINIC members and community was one of the pillars where AFRINIC needs to improve. AFRINIC intends to have an environment that is conducive enough and helpful for everyone to freely participate and where people are safe to contribute.

 

 

 

Inclusion and diversity in the African Internet Ecosystem

 

 

community 02Playing motherland to over 50 economies, Africa is rich and diverse in its many cultures, colours, beliefs and tongues that shape the uniqueness of each country while retaining a sense of similarity that can be unmistakably identified as African. The beat of our music, our delectable cuisines, and of course the gusto in African fashion, the list is as long and as vibrant as the river Nile itself.

The African Network Information Centre (AFRINIC) works towards achieving its vision of “A secure and accessible Internet for sustainable digital growth in Africa”. This has been done through facilitating open, all-inclusive arenas where people from different origins and different backgrounds come together in technical workshops, policy discussions as well as public meetings and mailing lists.

It is without a doubt that the Internet is increasingly becoming the backbone that brings Africa closer in all spheres of life. Creating a space that fosters sharing, collaborating and co-creation so that individuals can find their peers and come together regardless of religion, gender, creed, culture and geographical distances to form a “community”.

Despite all the technological advances that Africa has seen over recent years, there are still a large number of Africans who have no access to this transformational technology, resulting in what is commonly known as a digital divide. However, the digital divide reflects not only access to technology but also diversity in building and developing the Internet. Tech spaces that started as “old boys clubs” that were and in some cases still are “male-dominated” are now seeing more and more programs aimed at getting female contributors.

During AFRINIC meetings, the place of inclusion and diversity is created through a number of programs such as fellowships programs, that aid fellows financially to attend the open free of charge meetings AFRINIC holds bi-annually. Newcomers at an AFRINIC event are taken through a newcomers induction session that helps walk them through the different aspects of the meeting and the policy process all in an effort to inject new blood into our community allowing for the growth and movement to continue for generations to come.

 


 

AFRINIC realises that not everyone can travel to these meetings due to the high cost of travel around the continent, another obstacle to inclusion and technical development in Africa. In an effort to ensure that none of the African stakeholders is left behind, AFRINIC introduced online workshops and training courses that Africans can join and participate in from the comfort of their own offices or homes. We have a number of courses in the AFRINIC Academy that are free and in English and French.

Diversity and more women inclusion and empowerment have also been goals AFRINIC has been striving to achieve for years. AFRINIC has over the years supported the women in the ICT programme like the AfChix programme, which is a network of women in Technology who consider gender diversity in the Computer Science & ICT industry very critical for increased creativity and innovative performance of the industry.

English is the official business language in AFRINIC, however, supporting a single language for the whole African continent is a hurdle for many of the AFRINIC members. As such, AFRINIC is taking measures to ensure the inclusivity of our rich diversity of languages in Africa. AFRINIC has instituted its content localisation programme to have information available in several languages on The AFRINIC Website. At the moment, AFRINIC has started supporting Arabic and French the website with more languages lined up. You can read more on our Blog.

AFRINIC has also been working with a few of the Network Operator Groups it sponsors in the region to help localise the technical content and material in the local languages. Working with NOGs such as the Sudan Network Operator Group (SdNOG) and Angola Network Operators Group (AONOG) has resulted in some fruitful translation collaborations.

fellowship 02It is key that AFRINIC while bridging all of these efforts and collaboration initiatives, ensure that all the volunteers and participants feel safe and respect the diverse perspectives and core values of the others. It is not uncommon that cultural and communications slips occur regularly when dealing with a diverse group. In real life, such slips or faux pas emotional intelligence usually kicks and usually verbal and non-verbal cues help guide the participants in such interactions. However, in a completely virtual setting, these non-verbal cues disappear making it harder to read the intent behind the words communicated. Even some of the most honest and sincere feedback could be taken as assault or harassment if not dealt with in a manner that makes the recipient feel comfortable.

It is therefore important to create open, equitable, fair and productive platforms where community members feel respected irrespective of their differences. AFRINIC firmly discourages disrespect, personal attacks and harassment. This is why the AFRINIC Community has formalised its code of conduct and netiquette documents for the mailing list and its members. This is to level the playing field and ensure discussions are relevant, inclusive and also to discourage bullying.

In situations where community members prefer to place an anonymous report in confidence, AFRINIC has retained the services of a third-party whistleblowing platform hosted by an independent provider, EthicsPoint. The information provided is totally confidential and anonymous.

 


 

AFRINIC is also conducting a cleanup exercise on our mailing lists to safeguard the Community members from personal attacks. In order to benefit from the potential strength, we need to collectively create a welcoming and all-inclusive environment that engages in constructive dialogues where people exercise their right to freely and openly express their thoughts and critics while respecting their colleagues and their right not to be publicly attacked or insulted.

Our journey towards embracing all of the diversity this continent has to offer is still long. We rely on the efforts of the AFRINIC Community to guide us on more ways to be more inclusive. We, therefore, call for more ideas on how we do more to ensure our community is involved.

 

Please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. to share your thoughts and keep the dialogue going.

 

 

 

Authors

 

 This blog has been written by: 

bhana blog susan blog
Bhavna
Budoo
Susan
Otieno

 

 

 

 

 

Supporting language diversity through an inclusive approach within the AFRINIC Service Region

 

af lok1AFRINIC has a diverse membership and community. Even though English is our official language, we have at heart to support the rich diversity and inclusivity of our regional languages instead of being restricted to specific languages only. Along those lines, we have instituted our content localisation programme that aims to have information in several African languages on our website. We have started supporting Arabic and French on our main website (https://afrinic.net) with more languages coming up.

 

Importance of online content localisation 

The digital language divide is very pertinent in our region. Unesco argues that speakers of non-dominant languages need to be able to express themselves online in culturally meaningful ways, and urges governments to develop comprehensive language-related policies that support and facilitate online linguistic diversity and multilingualism. However, translation technologies offer one solution to bridging online language divides. We invite you to read this story that highlights how content localisation is helping businesses in our region grow.

 

Context story

Supporting language diversity through an inclusive approach within the AFRINIC Service Region
Akinyi is a young agri-entrepreneur from Nairobi who grew up in a family of farmers and planters from a nearby village. Her clients enjoy the freshness of her products and the values she provides, such as offline or online orders, e-payment and real-time delivery tracking services.

Akinyi did not use English as her first language for all the offline operations. Instead, she provided her best interpersonal communication skills using the local languages. That was not just convenient for her customers but also for her suppliers and other business partners who prefer to communicate in the same wording. She has never gone through a formal education system. Due to which her written and spoken English is not as good as one would expect from her successful enterprise. However, her ability to get online and be able to use the online system was crucial for her business.

Following the COVID-19 pandemic lockdown, Akinyi started operating as an essential service provider. Still, she had to close all her physical outlets and rely solely on the online services for 95% of her operations with the customers and partners.

The pandemic had already slashed more than half of Akinyi’s clients and to top it the online services were also not picking up. Several of her stock of agri-products were reaching the end of shelf time. Despite stress from all sides, Akinyi and her team continued to operate patiently.

Hence Akinyi’s team decided to adapt and localise all their online services. That was done while evaluating her strategies for how to stay relevant and still provide efficiency and incredible values to her customers. The initiative led to a native-first multilingual interface along with several other optimisations.

Over time, Akinyi’s effort paid much, and she gradually noticed the online services picking up in terms of orders and payments. While going through the services analytics, she could see how her systems were performing in the native languages compared to English only interface.

 

As the regional Internet registry for the African region, AFRINIC has taken several steps to reduce the digital divide and promote inclusiveness in our region. Some of the existing initiatives include:

Core services & Infrastructure Programmes Research Programmes Community Engagement
Capacity Building and Training Programmes
   
     

 

AFRINIC multi-lingual option selectorIf you are interested in learning further about our experiences in terms of the technology use, challenges and learning curves with this project, watch out for the upcoming parts where we shall see how AFRINIC’s content localisation programme will enable our membership and community to participate actively in developing and consuming online content in their local languages. 

  • Part 1 - Supporting language diversity within our community through an inclusive approach - Why it is important
  • Part 2 - Supporting language diversity within our community through an inclusive approach - How did we do it
  • Part 3 - Supporting language diversity within our community through an inclusive approach - What was done and what’s next (webinar)

 

 


 

 

About the author

 

Duksh Koonjoobeeharry is the Web Team Lead at AFRINIC, responsible for the management of our websites portfolio.

Duksh is the Web Team Lead at AFRINIC, responsible for the management of our websites portfolio. He has been experimenting with large scale content localisation and automation techniques since 2014 and the IGF Best Practice Forum on Creating an Enabling Environment for the Development of Local Content has recognised such an initiative as an important step for capacity building and promoting content localisation in the region.

 

 

 

Launch of the IPv6 Foundations Course in French

 

v6 basics1AFRINIC is pleased to announce the launch of the e-learning course "IPv6 Foundations (French Version)".

Through this course, you will build a solid foundation in IPv6 networking principles, and by the end of the course you should be able to:

  • Explain why the deployment of IPv6 is essential for the growth of the Internet
  • Identify the different types of IPv6 addresses and their use cases
  • Describe how EUI-64, semantically opaque and pseudo-random interface identifiers are generated
  • List the differences between IPv6 and IPv4 at the packet level
  • Explain the use of IPv6 extension headers
  • Identify the IPv6 equivalents for each IPv4 feature you use in your network.

 

This course is now open for registration at https://academy.afrinic.net/courses/fondamentaux-sur-IPv6

 

 

 

A Comprehensive audit of the AFRINIC WHOIS Database

blog afrinic whois2 body2

"AFRINIC has taken actions and kept its stakeholders informed about the situation. Infrastructural improvements on its database have been implemented and the operational business rules and procedures have been reviewed, including but not limited to a review of infrastructural user access."

 

Introduction

AFRINIC undertook an audit of all IPv4 number resources, which consisted of verifying the rightful custodianship of those resources. The audit verified the processes adopted for the allocation of IPv4 number resources which covered both legacy and non-legacy resources that fall under AFRINIC’s service region.

AFRINIC has taken actions and kept its stakeholders informed about the situation, brought about infrastructural improvements on its database, reviewed its operational business rules and procedures, including but not limited to a review of infrastructural user access.

Finally, the report provided some recommendations which will assist AFRINIC in ensuring an accurate WHOIS Database.

 

Read the report.

 


 

What Happened

The misappropriation of IP number resources in AFRINIC’s WHOIS Database was brought into light around mid-2019. Following an internal investigation, a former employee was found to have misappropriated IP number resources forming part of AFRINIC’s pool of resources. This matter was reported to the Mauritian Central Criminal Investigation Division, and an enquiry is presently on-going.

 

What we found

The audit reveals that 2,371,584 IPv4 addresses were misappropriated from AFRINIC’s pool of resources and attributed to organisations without justification.

A total of 1,060,864 IPv4 resources have been reclaimed, i.e deregistered from the AFRINIC WHOIS Database and are presently in ‘quarantine’ for a period of 12 months. Following the ‘quarantine’ period, the resources may be added to AFRINIC’s pool of resources available for new allocations.

A total of 1,310,720 IPv4 resources, related to two distinct organisations, are yet to be reclaimed due to ongoing due diligence.

With regard to misappropriation of IPv4 legacy space, 1,799,168 IPv4 addresses, deemed to be legacy address space appeared to have been compromised, and actions have been taken to contact the source-holders:

  1. 394,496 legacy IPv4 addresses have subsequently been consolidated at the request of the holding company of the organisations to which the resources were registered;
  2. Unsubstantiated changes to 467,968 legacy IPv4 addresses have been reversed;
  3. 936,704 legacy IPv4 addresses are currently under dispute and pending determination of rightful custodianship.

 

What is being done to keep this from happening again?

Following the findings of the audit, AFRINIC took several remedial actions such as reinforcing internal and external processes and adding multiple layers of verification to our IP allocation and database update processes. Here is what has been done so far by AFRINIC.

  • We communicated regularly through email updates and blog articles to keep our stakeholders informed about the situation. All concerned organisations were informed to take appropriate measures to protect the custodianship of the resources they hold.
  • AFRINIC undertook a review of its current processes relating to its core function and made various improvements in the control mechanisms for the management of Internet number resources. These covered the adoption of a fraud and corruption policy, and the introduction of a whistleblowing mechanism and many more.
  • Our current business rules now provide better support to legacy resource holders such that proper verification for legacy resources holders will be conducted before any updates are made to the records on the AFRINIC WHOIS database.
  • Resource members have to meet new checks to comply with AFRINIC’s Internal business process and policies: only registered contacts are allowed to request for service support, verify domain names registration information, and cross-verify company registration information where those services are available.
  • AFRINIC has been reinforcing its internal capacity and has embarked on a training program for staff members in the registration services. This is ongoing to ensure that all team members are capable of diligently evaluating the requests and also able to identify any risks involved.
  • The WHOIS Database has been upgraded with authentication mechanisms with additional safety features. Staff authorised to perform changes to records on MyAfrinic and WHOIS databases authenticate such changes using their PGP key. Power maintainers only use PGP authentication. All Resource Holders have also been instructed to adopt secure password mechanisms.
  • Additional layers of control for systems privileges for the staff in the Registration Services department have been implemented.
  • AFRINIC has a mechanism in place that ensures all objects in its WHOIS Database are protected by a maintainer (auto-generated for person and role objects).
  • AFRINIC also regularly monitors inconsistencies in its databases through reports which are generated daily. Registration Services Team are informed when inconsistencies are detected between the resource file entries and the registry database.

  

How can we contribute to making things better

As a result of the audit that was carried out on the accuracy of the AFRINIC WHOIS Database, the following recommendations were made:

  • The report recommends that all Resource Members keep their contact information updated.
  • The report recommends that organisations ensure that their details appearing on AFRINIC’s WHOIS Database are kept up to date all times.
  • The report recommends that AFRINIC devote resources to ensure that Legacy Resource Holders’ requests are attended to within the service timelines.
  • The report recommends that the AFRINIC community critically assess how best the accuracy of the information pertaining to Legacy Resource Holders can be improved and considers whether unused legacy resources should be left idle while AFRINIC exhausts its remaining pool of IPv4 addresses.
  • The report also recommends that policies which may assist AFRINIC in ensuring at all times an accurate WHOIS Database are developed.

 

What’s Next

AFRINIC is committed to effectively execute the recommendations highlighted in the report. As the Regional Internet Registry (RIR) for Africa and the Indian Ocean region, AFRINIC relies on the support and inputs of its community to implement those recommendations and improve on the accuracy and security of the WHOIS Database.

As we move forward, AFRINIC will keep its community informed about any improvements it brings along on the WHOIS Database.

 

 

Page 8 of 29