RIPE NCC Services Working Group
Wednesday, 24 November
14:30 (UTC + 1)
KURTIS LINDQVIST: I think we're coming up to the hour. So, I think we're going to start. I hope we're all set and everybody can hear me and all fine, I can hear my co‑chairs. So, I hope all is good so welcome, everyone. This is, as usual, your very much favourite Working Group, the NCC Services Working Group, and people can both hear me and see my slides, that's even better.
So, that's all good. So we have a rather packed agenda today. We'll go through the welcome and admin matters which you are probably doing at the moment. I am Kurtis Lindqvist, I am one of the co‑chairs, together with Rob Evans and Bijal Sanghani, although we seem to have lost Bijal, and we'll start with the admin matters, which we are going through right now. And then we'll have the NCC update from Hans Petter, and we have the NCC Cloud strategy from Felipe, database requirement task force from Bijal and then after the coffee break we continue the operation made by Felipe and the Chair selection, open microphone session. If you haven't been to one of the NCC Services Working Groups in real life, I highly recommend it, it's a life‑changing experience, but beyond that, I also want to clarify that normally this RIPE Services is back‑to‑back with the General Meeting and the reason for that is that the NCC update is actually part of the General Meeting, so ‑‑ but for the benefit of all participating in the RIPE, it's represented here as opposed to the GM, and normally we would also remind you to go register for the GM but I think that's too late so you don't have to rush out and do that.
Right, with that, I think we have done the welcome. We have a scribe, which is ‑‑ I don't know who the scribe is, to be honest ‑‑ oh, Daniel ‑‑ no, that's not Daniel, it's someone else. The RIPE NCC normally, very generously, provides us with a scribe, so I hope there is a scribe. I assume so. Suzanne Taylor, thank you. And Alistair is monitoring the chat, I think. So we also have that.
If there are any comments on the agenda, otherwise we'll go with the agenda as is. No, let's go with that.
Then we have the minutes of the previous meetings that were shared on the 2nd August this year, and there were no comments. So, any comments on the minutes or can we approve them? No? Minutes approved.
With that, we'll dive straight into the first presentation, which is the RIPE update by Hans Petter, so, Hans Petter, over to you.
HANS PETTER HOLEN: Hello, everybody. So, now I got it right. So, thank you, Kurtis. My name is Hans Petter Holen and I am the Managing Director of the RIPE NCC, broadcasting live from my office in the not‑quite‑rainy Amsterdam, but anyway...
So, talking a bit about the RIPE NCC, where we are and what we have done since the last meeting.
We have conducted significant work into mapping the way forward. So, for the first time, we have developed a five‑year strategic plan which is published in draft form and the idea is here is to set some objectives of where we want to be in five years' time from now and that is to set the direction, and of course there will still be activity plans every year, but they will then be aligned with this strategy.
So, the strategic document describes the vision, the mission and the values, and this has been based then on factors that influence the RIPE NCC, our strength, and then we have had an internal process and that process with the board in order to set out these objectives.
So, you may be very familiar with the vision, together let's shape the future of the Internet. It's not something that we have changed this way around, we kept that as ‑‑ from previous strategic plans, and it's not necessarily a place to be, but more describing the journey, we're here together to shape the future of the Internet.
The mission statement: We have done a slide update too, so, first and foremost, an authority on unique Internet number resources, we enable people to operate and develop the Internet. And then, and here is where we made a clarification and addition, as secretariat for the RIPE community, we are a trusted steward of the open, inclusive, collaborative Internet model, engaging and connecting people and communities.
And the third part, as a neutral source of information and knowledge, we actively contribute to the stability and the evolution of the Internet.
So the main three areas are still the same, but we have made some clarifications here.
Going to the strategic objectives. We are starting with where we came from, and continue to support an open, inclusive and engaged RIPE community.
And then the RIPE community set us up to be the regional Internet registry, so, by that, we want to operate a trusted, efficient, accurate and resilient registry. And we do this because we want to enable our members and community to operate one secure, stable and resilient global Internet, and, in order to do that, we need to maintain a stable organisation, with robust governance structure, and then we can't do this without attracting engaged, competent and diverse staff.
These are just the headlines of the objectives and there will be a separate presentation in the GM later to go into more details of the strategic objectives building up to this.
So, the timeline for the activity plan and budget:
You can see where we are now at the November meeting. We're still gathering input from the members, from the community, before the final version is presented for the Executive Board to approve the activity plan and budget in their December meeting.
So in order to manage the organisation, to deliver on the strategy and on what we set out in the activity plan, I have a team with me, and you can see here that I now have a chief community officer, who is responsible for external engagement and community, Hisham Ibrahim, welcome to the team, he has been with the RIPE NCC for quite some while, and before that with AFRINIC, so he should be in a very good position to lead this area.
And then you all know Kaveh, who is acting as our chief information officer and heading the information services part. And then Felipe, who is acting as the chief operations officer, leading the registry and the software engineering areas around the registry.
In addition, we have Athina, our chief legal officer, who is looking after not only the legal aspects of the RIPE NCC but also participating in Internet and governance regulatory affairs, together with external communication community.
Then, Carolien Vos, our HR director; Simone, our finance manager; and Regina, our facilities manager; and last but not least, Daniella, who is looking after the Executive Board and supporting me as Managing Director.
So, this is then the team that is navigating the RIPE NCC to deliver world‑class services while engaging to connect people to maintain the resiliency and stability of the Internet.
So a bit about what we have been working on. We see in the registry a sharp increase in the number of transfers in the past year. Now, there will be more details of what's going on in the registry and I just want to assure all of you that I have seen all the concerns on the list regarding the performance on the registry, and this is one of the most important things that we are working on. But it is important for all of you to realise that not only is the number of requests for transfers increased, but it's also more complex than it was in the past. Comparing to the situation in many years back, it doesn't make sense the extra work, the last year in order to be fully compliant with EU sanctions is significantly adding to the workload.
We have increased staff in the registry services, both temporary and permanent staff, and I saw on the table before I went in here there are two more contracts to be signed, so we are really focusing on also having enough resources in order to deliver on this area.
We are also looking into a way to improve efficiency and response times, and that could be optimising the processes, but also more automation, especially in the sanctions and fines area.
Long‑term solution, it really involves automation and digitisation of the registry. And yes, continue to automate member checks is, of course, one of the things that helps a lot here. Longer terms, how can we enter into contracts digitally, how can we verify signatures electronically, and so on, would make the job of the registry much easier when it comes to these matters.
Another thing that we have focused a lot on is improving the user experience. We have a lot of data, we have a lot of interfaces to access data across different services and we have worked on making the user experience consistent across all the applications, simply to make it easier to use. So, a new header and menu structure is there, promotional pages, and new documentation.
And we are now at the stage where we really want your feedback, so, we have started some user surveys, the first one was in September. We will do user interviews starting ‑‑ we started that in November. And then we will take the input from these and make iterations to the interfaces in order to improve it. So if you are interested, you can sign up here @ripe.net.s/usability.
Auth DNS. All of you are probably familiar with the k‑root that the RIPE NCC has been operating for many years but we also have a DNS service for reverse DNS.arp lookups and also for secondary name services for some of our members. And we are now working to expand the auth DNS network. You can see on the map here the two orange dots, that's the two auth DNS locations that we have and we now have a programme where you can actually host a copy of the auth DNS service as well. So if you are interested in that, please contact us on this URL.
RIPE Atlas. We have assigned a contract for production of new Atlas probes. We currently have more than 11,100 probes spread across our area, across 5,000 ASNs in 16 countries. So this goes way beyond our service region and is really a good way measuring what your network, what your services are from anywhere in the world. So this is probably one of the hidden gems in our service portfolio, if you look at what most of our members know about the RIPE NCC.
So, next year, the next version of the hardware probes will be distributed, and we're also looking for sponsors here. When Atlas was first developed, it was decided that the RIPE NCC would fund the development and up to 10,000 probes, and beyond that, we would look for sponsorship agreement. So we have now developed some packages so that you can sign up to sponsors and also use this for your own measurements and include parts of the network that is important to you in the probes.
We also have a community project fund. More than 30 projects so far have been funded for the purpose of the good of the Internet. This is a total of €250,000 over the years. We have had a call for applications that opened in June this year. We got 20 applications from 16 countries. Nine projects were selected by the committee for 2021 funding, and the projects were awarded between €10 and 50,000. And you can read more about the project on our website.
Now, in order to operate a global interconnected open Internet, people need to know how to do this. And the RIPE NCC has provided training services for many years, mostly in person. Now, due to Covid, we had to switch to virtual engagement, but we have also taken one step further and gone to e‑learning so you can do asynchronous courses whenever it suits you. Now, to end this with a formal certification, we have a certified professionals programme and the latest exam that we have added there is the IPv6 security expert exam.
So, we have also on the RIPE Academy where you can find the e‑learning, updated the v6 online course and the IPv6 security course, and I really want to point you to here that this is not just watching and learning, this is also hands‑on lab exercises, so there is a virtual lab environment here that you can set up and that you can use for these trainings.
And e‑learning will remain an important part of our training programme also after Covid‑19.
I mentioned that we have a lot of data that we collect through various services. And what we use that for is, among other things, Internet country report. So, one that we made this year is for the Mediterranean, so we looked at Portugal, Spain, France, Italy and Greece. This is the first report that we have translated into five languages, and if you look at the key findings from this report.
We found that the IPv4 shortage is less of an issue in this region.
V6 capacity varies greatly among the five countries.
Routing is generally quite optimised with some anomalies.
And there is a highly‑developed Internet landscape, healthy market competition and robust resilient Internet infrastructure.
The next report out is going to be on Malta, Cyprus and Israel.
Language support is something we're working on. There is now a translated WIKI, where you can find translations into Turkish, Farsi, Spanish, Italian and Russian and Arabic. This is still a work‑in‑progress and more to come.
In many ways, this is my least favourite topic to talk about. Since the RIPE NCC is based in the Netherlands, we are subject to EU sanctions and regulations and this means, under the current understanding, that we cannot make further Internet number resource to sanctioned entities. So, the services from the RIPE NCC are not sanctions by themselves, it's providing economic resources, that is the part of the sanctions that covers us, so any resources that have already been registered to a sanctioned entity must be frozen so that they can't be transferred or sold for money, then they would become an economic resource. But we do not have to deregister resources in these cases. So, it will not affect existing service.
Now, we have had to implement improved and automated monitoring of membership information against the EU sanctions. We had started a quarterly report on the sanctions, so, in a transparent manner, we are reporting on the impact of sanctions on our members, and the first report has been published just before this RIPE meeting.
In order to give a more in‑depth explanation of the whole sanctions complex and how that affects the RIPE NCC, our chief legal officer, Athina, has written an article on RIPE Labs that gives you more detail here.
One of the things that you probably have heard is that we have issues with our banks as well because one thing is sanctions that apply to the RIPE NCC, but banks have other compliance obligations on their own. So, for 67 of our members, we have not yet invoiced them because our banks considered these as high risk and would prefer not to receive any funds from them. So this is not something that is illegal for the RIPE NCC to engage with these members, but we have a problem receiving payment from them. Now, this is something that I am confident that we will resolve, it just takes time, and as you might understand, it might involve finding other banks that do not have these concerns.
Other ongoing efforts:
Registry accuracy, as always.
RPKI resilience. I think we are now on the second quarterly roadmap there, and I understood from yesterday's presentation in the Working Group there the efforts there have been really appreciated.
We are working on faster responses to members.
We are taking the idea of quarterly planning and road maps throughout the organisation and hope to engage more with the community on a more frequent basis by doing this. There has been significant work on the Cloud strategy and defining criticality and we will see that in a separate presentation after me.
Improving user experience. I already mentioned that.
Hosted node support for AuthDNS, further developing e‑learning and virtual training, certified professionals. Hybrid outreach and engagement is probably going to be one of the big challenges for next year. Hopefully, we can have in‑person meetings, but how do we make sure that we have an equally good experience meeting in person and participating in the meeting in person versus participating remotely?
And also, one of the things that we are doing is to assess the level of staff travelling. Currently, we have a no‑business‑travel policy still in place, but we are then handling exceptions from that on a case‑to‑case basis.
So, it's definitely good for the environment that we don't travel, but it's not necessarily good for business and human interaction.
Looking towards the next year, the accuracy of the registry is still high on the priority list. We are making significant increases in our investments in the RPKI, and also in the RIPE Database infrastructure. Security risk management and compliance is, as you may understand, increasingly important and we are really building up that area and strengthening it also into next year and probably beyond that.
Effective engagement and outreach. Supporting the RIR system and the wider Internet governance ecosystem is also important. We are not in this alone. We have four other RIRs that we work together with in an Internet ecosystem of many other Internet governance organisations as well.
And, of course, we need to be effective and sustainable as an organisation.
And I believe that was what I have. So, I don't know, Kurtis, back to you, if there are any questions.
KURTIS LINDQVIST: Thank you, Hans Petter. Any questions? There is a question here. There is lots of questions, actually. We have first a question: "Can the RIPE NCC not apply to get an exemption from EU sanctions?"
HANS PETTER HOLEN: Legally, there is no mechanism in the EU sanctions regime to apply for exemptions. So, in the US, the ‑ exemptions, there is a concept of a licence but that does not exist within the EU. So if we were to get exemptions, they would have to rewrite all the sanctions.
KURTIS LINDQVIST: The next one is: "In regards to sanctions at the last RIPE meeting it was suggested to see if there was an option to invoice and receive payments for 67 entities by a different office, the Dubai office, for instance. Why is that not further developed?"
HANS PETTER HOLEN: That is further developed and that is probably going to be the solution, but, as you might understand, working remotely with banks in Dubai has not been very easy during Covid so we will have to ‑‑ I will have to go to Dubai and sign papers and so on, and that's not been practically possible so far. And, of course, we need to have full agreement with the banks that they will accept receiving money from these parties as well.
KURTIS LINDQVIST: Next question is: "Who at the RIPE is responsible for not applying regulations? I have read the regulations on the EU website, but there is two countries it's very clear that... should respect them." I think you said you did respect them.
HANS PETTER HOLEN: So, this is many questions in one. So, first of all, foremost, it's not the RIPE, it's the RIPE NCC, the membership organisation. I am the Managing Director, so I am responsible for the organisation, and there is a provision from the Executive Board.
Regulations on the EU website are on multiple levels. There are country sanctions, and my understanding is that the country sanctions do not apply to the services of the RIPE NCC. Now, there are individually‑sanctioned parties, so that's ‑‑ or members, or the board members or owners may be on the sanctions list, and that is where we have discovered, and this is a development from when the sanctions were first introduced and this was reviewed many years before I started as Managing Director, where also the board made it clear that we want to do everything possible to support members. So, back at that point, the thinking was that the sanctions do not apply to the RIPE NCC. Now, that understanding changed last year and we now have clear answers from the Dutch Ministry of Foreign Affairs after we reached out to them in 2020 and asked for clarification. We also talked to them about the provision of Internet ‑‑ of exemptions regarding Internet resources. So, the MFA then stated that, according to the existing regulation, there was no legal basis to exempt number resources from sanctions. So we strongly believe that Internet resources should be kept separate from political disputes and we are currently investigating the possibility of a blanket exemption from EU sanctions regulations for Internet number resources, but these things are not something that's done easily overnight.
KURTIS LINDQVIST: The next question is: "I have a question about an already very old story. On behalf of the Ukrainian technical community, I would like to express my concern over a situation with Alexa Simianka [phonetic]. Firstly, he is the best technical representative that we have worked with, not only from the RIPE NCC but from all such organisations, plus he is from the Ukraine, which makes our interactions easier. Secondly, after the work with him was suspended, we lost contact with your organisation. Thirdly, we do not understand what Alexa is doing now, but obviously, for reasons we do not understand, he cannot interact with us on behalf of the RIPE NCC. To summarise, we want an update on the situation according to the situation and it is desirable to know if it is possible to get Alexa back to work here."
HANS PETTER HOLEN: So I ‑‑ I don't think I heard your last sentence.
KURTIS LINDQVIST: "And it is desirable to know if it is possible to get Alexa back to work here."
HANS PETTER HOLEN: It's just that your video is 20 seconds out of sync, which is quite interesting. Yeah, I read the question, so no problem there. I can first say that I am very sympathetic to your concern. I am not at all pleased with the situation we are in. Unfortunately, I don't have a clear answer to give to you today. We are working on this matter internally and I hope we will have news shortly after the meeting.
KURTIS LINDQVIST: Okay. Thank you. I was going to say I know there are some questions but there is a queue at the microphone as well, but we'll do the written questions in first in the order they came in.
The next question is: "Thanks to all clever people who keep the Internet up and running during this Covid‑19 times, you are all legends. Hans Petter, great presentation. To reach the goals you mentioned, you need to have a great and professional team and resources not only to complete the projects but also to communicate to the outside world what you are busy with. The community has lost contact with Alexa, and, as a result, nobody talks in the region on behalf of RIPE NCC and nobody provides valuable advice and, for many people, there is no one on the radar who has the same amount of expertise, passion and patience to answer. All very often, they're not so clever and often repeating questions including IPv4, IPv6, allocations, buy/sell issues, LIR interactions, etc. The question is then the RIPE NCC can make its mind about the very well respected person in the community who previously was a great help to communicate with the RIPE NCC."
HANS PETTER HOLEN: So, thank you for that question again. And I believe my answer is the same as to the previous question. I fully understand the concern here, and we are looking into this and hopefully we will have a resolution to announce shortly.
KURTIS LINDQVIST: And then we have the last written question before we go to the other ones. Which is:
"How is going investigation on expiration of external relations officer/technical advisor from Russia, when NCC plans to restore his activity in the ENCA in full?"
HANS PETTER HOLEN: And I think my answer to the previous questions apply to this as well. I fully understand your concern. I really would like to come to a resolution shortly, and I hope we are able to do so.
KURTIS LINDQVIST: And I now need to look to my dear beloved co‑chairs to see in which order these were. I think Elvis was first.
ELVIS VELEA: Can you hear me, Hans? Hi, Elvis Velea. I have got two questions, each have follow‑up questions... (inaudible ‑ poor quality audio ). The first one is the RIPE NCC is the Internet registry for a very large area in the world. The only ‑‑ I'll make it caps to emphasise ‑‑ the only Internet registry for Europe and the Middle East ‑‑ a monopoly, actually. The RIPE NCC started the registry... (inaudible ‑ poor quality audio)... involved in some sort of a sanction, blacklisted by some sort of a reason, then if the RIPE NCC would not be a monopoly, this not not be a problem, but, because it is, the RIPE NCC can't be refused access or even company or individual just because today some political decision has made person X a sanction first and next year it's going to be person Y ‑‑
HANS PETTER HOLEN: Elvis, I am sorry to interrupt, but I am not able to understand your questions and I see several comments in the chat here also that several people have problems hearing you, so maybe there is something you can do with your mic.
ELVIS VELEA: I am speaking on my earphones and on my AirPods. Can you hear me better now?
HANS PETTER HOLEN: That's better.
ELVIS VELEA: I'll just summarise this. The RIPE NCC should find a way to provide services to anyone in its service region, or, if it cannot for any reason, it should find another way or another RIR or a blanket to the sanctions or anything to support its members, all of its members in its region, because it's the only organisation that can provide the service in a large part of the world. So, how can the understanding of the sanctions can be changed overnight one way and not the other? Until last year, or this year, providing services to anyone in the world ‑‑ well, was possible and suddenly someone has changed their mind and things have changed for the NCC and now the NCC has to fight it off?
HANS PETTER HOLEN: So, if you read the article, you will see that the sanctions have been there for quite some time, and the term "making economic resources available" is what is open for interpretation. So you can say that, in the past, the RIPE NCC did not see the services ‑‑ the provision of Internet number resources as an economic resource, while today we are. So there has been a change in the interpretation of that understanding. Now, the backdrop of that is both that the Dutch prosecution ‑‑ prosecutor has been more, I am not sure aggressive is the right word, but has been much more active in this area, not towards the RIPE NCC but in other areas, so the risk assessment is difficult, or was different last year than many years back, so that's one aspect here. The other aspect is that, since banks have been under scrutiny, the banks became aware of this and started to ask us questions and, therefore, we had to reassess our position on this.
So it is quite right that the world is changing. I mean, this is not mathematics. This is politics, this is legal, and this is interpretation and risk management. So, all those factors together makes it ‑‑ has made us come to the conclusion that we have to monitor carefully which of our members are under sanctions and have to deal with them appropriately. Now, we are able to provide all services to these members except allowing transfers, either new Internet resources or buying or selling Internet resources and this is for some very few organisations. In addition to that, we have problems with payment, but that I'm sure we can resolve sooner rather than later. The sanctions issue, it's much deeper and much more complex issue which is also politics. So that's not something that's very simple to solve.
Now, I am fully committed to finding solutions on that, one way or another. I can't be specific on all the different venues that we are pursuing, but rest assured that we are spending significant time and resources on finding a way so we can provide full ‑‑ all of our services to all of our members in one way or another.
ELVIS VELEA: Okay. Well, the second part was about the RS department and the ticketing system but I think maybe we should have this question after the next presentation, Felipe's presentation, I think, right?
KURTIS LINDQVIST: Yes, we are running out of time. We have two more written questions, I'll do those quickly.
First one is: "Are you aware of the limits that some members from sanctioned countries are facing with using some of the NCC Services or online courses? Some of the platforms that the NCC uses are not available to those countries and that puts those members in a disadvantaged position."
HANS PETTER HOLEN: Personally, I am not aware of those, so if you ‑‑ if you want to get in touch with me, my e‑mail address is on this slide, so please send me an e‑mail with those specific issues.
KURTIS LINDQVIST: And then the last question is: "Can we, as RIPE community, not try to file an appeal to the EU to get an exempt? It sounds more difficult to deal with the Dutch law makers rather than EU law sanction source?"
HANS PETTER HOLEN: Yes, that's, of course, one of many avenues we could pursue here. The RIPE community taking action is one way. Also, contacting your regulators and Ministry of Foreign Affairs in the countries that you operate is another way.
HANS PETTER HOLEN: Thanks, Hans Petter, thank you very much. We are moving on. You get a virtual applause from me alone. And with that, we move over to the Cloud strategy update from Felipe. Over to you.
FELIPE VICTOLLA SILVEIRA: Hello, everyone. So, good afternoon, everyone. My name is Felipe. I am the chief operations officer at the RIPE NCC, and today I'll give you an update on our Cloud strategy framework and the work we have been doing. And I'd also like to say that I'm presenting here on behalf of a group of people who have been working on both of these proposals, including Kaveh, Daniel Karrenberg, Razvan and many others within the RIPE NCC.
I'd like to start with a quick recap on our Cloud vantage framework and then afterwards I am going to talk about service criticality which should be in the bulk of this presentation.
We have defined a Cloud strategy framework with involvement from the whole community. There were two interim RIPE NCC Working Group sessions, one in the end of July and another one in the beginning of September. So in case you missed those and you are interested in the topic, I include the links here with the recordings.
This strategy has been presented to the Executive Board and has been approved in our meeting in September this year, and it has also been published in the Labs article, and I include the link here in case you are interested.
So the general idea behind this framework is that it's based on the five principles and it describes our approach to collaborations. So I included here some examples of principles, like we seek guidance from the community, we use open standards and so on.
So, from this set of principles, we came up with a list of requirements for Cloud services, and each one of these requirements, they have different levels of strictness for each one of them.
And the general idea is that different requirement levels will be applied, depending on two factors, one of them is a service type and the other one is a service criticality. And as for service type, we understand as global Internet services, think of things like RPKI, RIPE Database, DNS, and so on.
And the other type is core RIPE NCC Services, which include things like RIR portal, our ticketing system and so on.
And concerning service criticality, we thought about six levels, so ranging from very high up to very low and degraded.
So this is how we put the whole thing together. On the different lines on this table you see the different service types, and on the different columns you see the different labels of criticality, and, depending on where you end up in this matrix, you see which requirement level would apply.
So, for instance, if we consider RPKI as a global Internet service with high‑level criticality, then a strict requirement level would apply. That means that to be very strict and very restrictive concerning what kind of tools we should use from call core providers. On the other extreme, if you take, for instance, RIR stats and you consider that with a low‑level criticality, then the standard requirement level would apply, then it would mean it's way more lenient concerning usage of Cloud technologies.
So if you are interested about that, I suggest you refer to the Labs article or to the previous presentations, where we go into much more detail about that.
So what I would like to do now is go into more detail in our draft service criticality proposal and our approach to classify our services.
First, a disclaimer here. This is a straw‑man proposal, so we're mostly seeking feedback from the community about it. That's our initial thinking about the topic. We have published recently an article, it went live on Monday, where we explain our thinking there. And the general idea about this framework is that service criticality level is derived from the impact on the outage the service can have on these various internal and external areas; in other words, service with a high criticality level, they can cause a high impact even when the outage is quite short.
So to define criticality, they need to follow this process. First, we determine the impact areas, then we classify the duration of the outages, then we define the impact levels for each impact area, and finally we determine the criticality level for the service.
So I'm going to break this down now and then go through each one of the steps.
So we start with the impact areas. So to define the external impact areas, we looked into the work ISOC has done for the Internet impact assessment toolkit and how they define critical properties of the Internet, and we adapt their proposal a bit, so, in their proposal, we have two types, which is a single distributed routing system and common global identifiers, we adapted that and broke it down in three different ones, so routing, IP addresses and DNS, and then we defined four different impact levels. So ranging from 1, which is the lightest one, up to 4, which is the more intense.
So, for instance, for routing, impact level 4 would mean a global Internet routing disruption. Were the score at level 1, it would be just degraded routing performance.
Concerning the classification of the outages, we have based on the classes of 9 in the industry standards, so, like, five nines and four nines and so on. With that, we define three different outage types. So, short outage, which corresponds to roughly 15 minutes of down time per quarter, which is based on four nines availability; medium outage, which corresponds to roughly 2 hours per quarter, which is based on three nines availability; and a long outage, which corresponds to roughly 22 hours per quarter, which is based on two nines availability.
So this is how we put the whole thing together. So in order to use this first, we have to look into each service you want to evaluate, then you have to look into which impact area it's mostly related to, and finally you have to assess the impact level for each one of the outage types, for the short, for the medium, for the long. Then you end up with three criticality levels and then you have to basically pick up the highest one. To use an example, it's much easier to explain and to understand this table.
So let's say we are assessing, for example, the RPKI repositories. So, first, you have to think about the impact area that it is related to. So that's obviously routing. Then what you have to do next is go through the three different outage types and then assess what impact that would have. So, for instance, for a short outage time, so 50 minutes would probably be around a level 2 or level 3 impact level. So local or regional routing disruption.
For a medium outage, we're talking about a couple of hours per quarter, so that's started to get more intense, so it's most likely we are on level 3 to level 4, so probably a high criticality level.
And finally, for a long outage of 22 hours, that would be based on end of the road, to people that would be really stressed, if you had a 22‑hour outage and that would certainly cause a global routing impact, so then you are talking about level 4 here.
Then we picked the highest, which was a criticality high, so that would put RPKI in the high criticality bucket.
Now, what are the next steps? We basically want to hear from you, so please you can say something right now or you can say something in the chat, my colleagues are monitoring the chat. You can make comments in the Labs article mailing list and so on, so listening to all the channels. And the idea is that we'll incorporate the feedback into a new draft and then ask for further comments and suggestions. And one very important step in all of this is to include the list of the classified services according to this framework. So basically get all the services in the framework and see what do these take out. And then check that and see if that makes sense. So that will also be included in our next draft. So I'll ask you to comment on that and then, finally, if there is rough consensus, we are going to publish as the final piece of the framework.
So that's what I have to share. I'll open the floor for questions now.
KURTIS LINDQVIST: Thank you. We have one written question, which is: "Are you considering the possibility of distributing clouds with servers by country ‑ for example, placing some resources in Ukraine?"
FELIPE VICTOLLA SILVEIRA: Yeah, that's one of the things we are looking at, so look into different Cloud providers. There was a big resistance last time we talked about this with the American ones, so we are also looking into different Cloud providers and also CDN providers.
KURTIS LINDQVIST: Okay, then we have someone in the audio queue. First, we have Elvis.
ELVIS VELEA: I was really hoping to see some statistics you had promised on the ticketing system and SLA. I haven't seen anything from you or Hans Petter Holen. If I'm not mistaken, after the discussion on the mailing list caused by the RIPE NCC Registration Services department and it's... [inaudible ‑ poor sound] and I think 2005 the NCC promised the board that the RS will have a one‑day response time for all tickets ‑‑
KURTIS LINDQVIST: Elvis, I think you are talking about operational update, which is after the break. This is about the Cloud strategy. So do you have any questions on the Cloud strategy?
ELVIS VELEA: No, it's not. Felipe, are you going to present anything about the ticketing system?
FELIPE VICTOLLA SILVEIRA: We will present some numbers under the operational update.
KURTIS LINDQVIST: Next one in the queue then is Brian Nisbet.
BRIAN NISBET: Brian Nisbet, HEAnet. Felipe, could you go back to the grid slide that you had there? I will admit, maybe it's just me, but just from a presentation point of view, I am looking at that and it doesn't seem very intuitive to me. This is the feedback to that. Because if I look at that, my reading of it is that a short outage to a level 4 service is very high, whereas a long one is only medium criticality. I mean, I understand you have got ‑‑ you know, you have got your ratings and things, but that just ‑‑ that particular slide just doesn't make a lot of sense to me, and, you know, obviously you went through it there. But just from a visual point of view, it doesn't seem to be saying to me what you're saying it should be saying, so I suppose the feedback on that.
FELIPE VICTOLLA SILVEIRA: Thanks, Brian, for the feedback. Actually, we have another diagram that we thought would be better. I decided to use this one, but apparently it was a mistake.
BRIAN NISBET: I look forward to seeing the other diagram then.
FELIPE VICTOLLA SILVEIRA: Maybe we can look into updating the Labs article, because they are already using this one as well. But thanks for the feedback, it is a bit difficult indeed to understand.
KURTIS LINDQVIST: Thank you, Brian. We then go to Randy Bush on the video and audio.
RANDY BUSH: RPKI should be ‑ accent on "should" ‑ much more resilient, you should be decent relying party software, and I am not saying all relying party software, there is a lot of suckage out there, should be able to keep going and use the current data that it fetched for more than 24 hours. We tried to be very careful about both specification and implementations. So, the house is not on fire. It's warm, but it's not on fire.
FELIPE VICTOLLA SILVEIRA: Thanks, Randy.
KURTIS LINDQVIST: And I think that was all the questions. From Cynthia: "I suspect it might be complicated to place anything outside the EU. Would I be correct in that?"
FELIPE VICTOLLA SILVEIRA: Not necessarily, actually. I think, depending on the Cloud provider you are using, we could get some boxes outside the EU as well, or actually for Internet Cloud provider itself, but we could also look into Cloud providers from outside the EU and we have been doing that, exploring options.
KURTIS LINDQVIST: Okay. Thank you very much, Felipe. I think I am going to close that there. We are quite a bit over time. So we're going to have a very short coffee break now, and we hope to see you all back, shall we say, half past again, that's six minutes. I hope that's enough for people to go and have some coffee and we'll see you back here then.