As Internet Number resources are finite, their allocation is based on the operational needs of end-users and Internet Services Providers while avoiding stockpiling in accordance with RFC7020, IPv4 Allocation Policy (AFPUB-2005-V4- 001), IPv6 Allocation and assignment policy (AFPUB-2013-v6-001) and Policy for Autonomous System Numbers (ASN) Management in the AFRINIC region (AFPUB-2004-ASN-001).
Section 4 of the Registration Service Agreement (RSA) provides the framework for investigations of the usage of allocated Internet Number resources, defines members’ obligation to cooperate and the measures to be taken by AFRINIC in case of failure to comply.
The lack of such investigation or regular control can lead to inefficient usage of the Internet Number resources, to stockpiling and other types of abuse.
2) Summary of How this Proposal Addresses the Problem
In order to ensure efficient and appropriate use of resources, AFRINIC shall conduct regular audits of resource utilisation held by its members. This would allow recovery of any type of resource, where usage is not in compliance with the RSA. Those resources can be reallocated for better usage.
3.1) The audits shall be based on compliance with the terms outlined in the RSA and Allocation/Assignment Policies.
3.2) The audits cover all allocated or Assigned resources, but priority goes to IPv4 and ASN mappable to two-octet ASN.
3.3) Classes of audit:
Members to be audited shall be selected according to the following classes:
The member is chosen by AFRINIC at random between members of the following categories:
- Medium and above
- IPv6-only Large
A member is selected because of an internal report or due to a lack of contact between the AFRINIC and the member.
The members have requested the audit themselves or there has been a community complaint made against them that requires investigation.
3.4 In case of non-compliance and if evidence has been established in accordance with the non-exhaustive list below:
a) Unjustified lack of visibility of the resource on the global routing table.
b) Breach of AFRINIC policies.
c) Breach of the provisions of the registration service agreement or other legal agreements between the organisation holding the resource and AFRINIC.
d) Evidence that an organisation is no more operating and its blocks have not been transferred.
e) Unauthorised transfers under the provisions of the policies.
AFRINIC shall initiate the resource recovery process.
AFRINIC shall attempt to contact the organisation and correct any discrepancy towards the RSA. If the situation cannot be rectified, AFRINIC shall publish the resources to be recovered for a period of three (3) months; during which the organisation may at any time, seek compliance. After this period, the resource shall be recovered and therefore the records of the previous holder of the recovered resource shall be removed from AFRINIC databases.
Any Internet Number Resources recovered under this policy may be assigned/allocated under existing Allocation and Assignment Policies.
3.5 Appeal procedure
The audit shall be conducted in full transparency and neutrality. But if the result of the audit does not appear to be fair, the audited members has the right to appeal against the result. Appeals shall follow an arbitration process as defined by AFRINIC, which shall publish the process and the pool of arbitrators who shall be knowledgeable volunteers from the community.
The outcome of the arbitration process is unequivocal and without appeal.
3.6 Compliance Report
AFRINIC shall publish an annual report describing the members which have been audited and their level of compliance.
4.0 Revision History
18 May 2016: First Draft AFPUB-2016-GEN-001-DRAFT01 Posted on RPD list