An update on the AfriNIC situation

Bryan Fields Bryan at
Fri Aug 27 20:07:56 UTC 2021

Hash: SHA256

People, can we at least quote properly?  I can't follow this at all.

I wish ARIN would stay out of this, it's not something that affects the ARIN
region, and nothing said in this statement seems to refute any of the
allegations against AFRINIC.  What it does seem to do is state Lu Heng/Cloud
Innovation is a shady guy.  While this may be true, I'd expect a RIR to treat
everyone the same, and that's the core of the legal complaint here.  I'd
expect that for a court to freeze assets of AFRINIC there must be a very
strong argument.

On 8/27/21 2:23 PM, John Curran wrote:
> On 27 Aug 2021, at 12:50 PM, Owen DeLong via NANOG
> <nanog at<mailto:nanog at>> wrote:
> There are two sides to every story…
> On Fri, 27 Aug 2021 at 09:44, Lu Heng
<< at>h<mailto:jcurran at>.lu at<mailto:lu at>>
> wrote:
> Dear John:
> The statements you made are very misleading.
> Here are some clarifications:
> Cloud Innovation is disputing AFRINIC’s claim that Cloud Innovation is in
> breach of the agreement. Cloud Innovation maintains that we are a compliant
> member.
> 1. While I make no comment regarding the justification of our resources. we
> have rights just like any other registrant to keep our justification
> material confidential. We would like to share some public data here: Cloud
> innovation accounts for 80% of all AFRINIC whois updates in 2021 to date
> and in AFRINIC whois,  over 10  million (roughly 10% of all AFRINIC space)
> IP addresses whois information has not been updated in more than 10 years.
> 40million (roughly 40%) IP addresses have not been updated in more than 5
> years. Have all of them been required to provide re-justification while
> they don’t bother to update whois? 313 out of 1800 members have not made a
> single assignment in their allocations more than a year after receiving.
> 641 member registered show less than 50% utilization, while AFRINIC’s CPM
> requires at least 50% utilization. All of those member are in
> violation, including several major telecoms. However according to one press
> we saw, AFRINIC only audited 15 member and terminated 5 of them,  Cloud
> Innovation being the most compliant member in terms of whois update and
> utilization data provided to AFRINIC as data shows above.
> Mr. Lu and/or Owen  - It is so nice to hear from you elaborate on your
> extensive righteous behavior.  Perhaps you’ll indulge us a simple yes/no
> question?
> AFRINIC’s RSA contains the following statement -
> (The Applicant Acknowledges…) that it is bestowed with an exclusive right
> of use of those number resources within the ambit of the “need” which it
> has justified in its application and for no other purpose during the
> currency of the present agreement;
> Is Cloud Innovation’s use of the blocks in question within the remit and
> purpose for which they were originally justified?
> 2. I did go to ARIN for resource, ARIN requested customer personal
> information down to street names, personal address, all of which we do not
> collect in our business from end users due to data privacy concerns. I have
> mentioned in one of ARIN’s meeting and received a consistent answer that it
> must be provided before the resources can be allocated. While I later
> understood it is part of ARIN policy, I still believe that it is an unwise
> policy which puts ARIN in possession of a large collection of personally
> identifying information (PII). So abandoning our ARIN application for
> resources after RIPE ran out, was a legitimate business decision and IMHO,
> a morally correct one made in order to protect the privacy of our
> customer’s. John's statement is misleading at best. John himself has
> repeatedly stated that ARIN does not deny requests, but that applicant’s
> often abandon requests when they are unwilling or unable to provide the
> requested data. That’s exactly what happened here. Contrary to John’s
> claim, that ARIN refused the application in question, the actual facts of
> the matter are that Outside Heaven chose to abandon its request rather than
> compromise the confidentiality of its customers and trust ARIN with such a
> significant amount of customer PII.
> You made an application, provided inconsistent data, and then did not
> respond when asked provide sufficient details to satisfy reasonable due
> diligence.   After not hearing back after repeated requests, ARIN denied
> the request.
> If you prefer to characterize it as “abandoning your application” then that
> is fine.  It is consistent with everything I stated, including that ARIN
> ultimately denied your request – and that such abandonment was in the face
> of queries for additional information to clarify the inconsistencies in
> your request.  We are generally able to get past these situations with the
> vast majority of organizations with legitimate need for the address space
> per ARIN policy, but I also acknowledge we cannot know how many of those
> who did abandon were for non-qualification versus other reasons.
> 5. Unless ARIN admits it has been given the justification submitted to
> AFRINIC by Cloud Innovation in past years, we don't think it is within
> ARIN’s mandate to comment whether it is being used for the same purpose or
> not.  John, please clarify, have you  received the justification material
> we submitted to AFRINIC? Do you have any inside knowledge about it? We
> would be very keen to know if AFRINIC has disclosed our private data to a
> third party in this process in violation of the very agreement they
> (unjustly) accuse us of breaching.
> I have no opinion regarding the justification submitted by Cloud
> Innovation’s for number resources from AFRINIC, and have not seen it.
> I _have_ asked a simple question of whether Cloud Innovation’s usage is
> within the remit and purpose for which they were originally justified, and
> I observe that this question has been asked repeated by many others in the
> AFRINIC community.
> This question does seem relevant to the dispute so please don’t be
> surprised if you are asked it quite often until such is resolved...
> Again – Is Cloud Innovation’s use of the blocks in question within the
> remit and purpose for which they were originally justified?
> 6. We find your discussion of the RIR stability fund most interesting…
> Please correct us if we misunderstand, but our understanding is that the
> fund requires the unanimous consent of all 5 RIR CEOs in order to be
> utilized. As such, it appears you are attempting to mislead the community
> by making a 20% promise as if it were a 100% assurance.
> My statement reads -
> If AFRINIC requests support in accordance with the Joint RIR Stability
> Fund, ARIN will support such a request.  Furthermore, and without
> reservation, ARIN stands by its unwavering commitment to support AFRINIC
> and will take any and all measures necessary to ensure that neither the
> African networking community, nor the global Internet number registry
> system, is operationally impacted during this period. AFRINIC was formed
> (and has accomplished so much) for the benefit of the African networking
> community and ARIN stands with the community in dealing with those who seek
> to disrupt or exploit it for their own benefit.
> It’s fairly self-explanatory and of course pertains simply to ARIN’s
> support for AFRINIC during this period.  If you did not take that away from
> your reading, hopefully that is now clear.
> For the above reasons, we think that Mr. Curran has not provided a balanced
> or fully accurate representation of the facts to the ARIN community here
> and we hope that the above clarification will help members of the community
> come to a more fully informed opinion.
> A vigorous discourse is a wonderful thing - I actually welcome your
> clarifications as noted above (e.g. you prefer to characterize your ARIN
> request as “abandoned” rather than it having been denied)
> You apparently can clarify quite a bit when it suits you, but still fail to
> respond to the most basic yes/no question - Is Cloud Innovation’s use of
> the blocks in question within the remit and purpose for which they were
> originally justified?
> Finally, while we realize that this is inappropriate for PPML, as it does
> not really touch on any ARIN policy discussion, we believe that Mr.
> Curran’s post could not be allowed to stand without rebuttal. Since he
> chose to make such a non-policy post to PPML, we felt that our posting of
> the rebuttal here was justified.
> Unless Mr. Curran or other ARIN staff member(s) choose to further engage on
> this topic here, this will be our only post on the matter to this list. We
> would also welcome the opportunity to take the discussion to a more
> appropriate ARIN list if Mr. Curran prefers that alternative.
> Excellent point.   I have taken the liberty of replying to Owen’s post here
> on nanog for clarity, but also suggest we continue this on arin-ppml so as
> to spare the NANOG community.
> Best wishes, /John
> John Curran President and CEO American Registry for Internet Numbers

- -- 
Bryan Fields

727-409-1194 - Voice


More information about the NANOG mailing list