Jim, [I agree it would be better to have this discussion (again) in ncc-services. I have copied it there and encourage people to reply there only.] I could write a reply rant about the individual points in your rant but the main difference of opinion we have is about the mission of the RIPE NCC. This mission is broader than just being a RIR: "The mission of the RIPE NCC is to perform activities for the benefit of the membership, primarily activities that the members need to organise as a group, although they may be competing with each other in other areas. While an activity may result in services being provided to an individual member, performing the activity as a whole must benefit the RIPE NCC membership as a group. Membership is open to anyone using the RIPE NCC services. The activities and services of the RIPE NCC are defined, performed, discussed and evaluated in an open manner. In all of its activities, the RIPE NCC observes strict neutrality and impartiality in regard to individual members." Monitoring DNS and gathering Internet statistics has always been a part of these activities from the very first activity plan in 1991. See ftp://ftp.ripe.net/ripe/docs/ripe-035.txt Of course the activities themselves come and go and those that stay change shape. However the NCC is, and has always been, more than a place that just registers numbers. Daniel ------ Ah, well I'll rant back just for the heck of it. My main point is above. read on at your own risk. Rant-Warning: Moderate to Severe from Varying Directions On 10.09 12:01, Jim Reid wrote:
To be honest Daniel, I think your mail indicates the way RIPE NCC seems to have lost sight of its raison d'etre. Why is an RIR -- whose main (only?) job is to hand out IP addresses and AS numbers -- getting into other areas that are clearly outside its core business?
See above. The NCC is not getting into them it has been there all the time. It is not the RIPE NCC that is changing but it is *you* proposing a change.
ARIN and APNIC are providing that core service to their regions with a fraction of the staff that the NCC has.
Fraction yes, but not a very small one and not orders of magnitude. Also it appears to me after a quick glance at the ARIN and APNIC web sites that the RIPE NCC fees are very comparable to the fees of the other RIRs, actually slightly lower in many categories.
IMO, there must be complete transparency about non-core activities at the NCC.
I agree completely.
These things should be seen to be self-funding or else making a profit to reduce the costs of the core services and/or membership fees. If they're not, there will be a suspicion that it's the other way round. ie Income from the NCC's monopoly operations are cross-subsidising these non-core activities.
For maximum independence the membership fees should cover all activities.
Now I know you'll say that NCC does these other things as "a benefit to the community" and "the membership has approved them". I'm not so sure that either of these things are really true. Has a majority of the *membership* -- not those who turn up for the AGM or take the time to vote -- ever approved the activity plan?
I beg to disagree. Opener than RIPE NCC and RIPE is hardly possible. If people choose not to participate there is little one can do. One of my major frustrations, past and present.
Has the activity plan ever said something like "non-core activity X costs Y. If it is dropped. the membership fees can be reduced by Z. Do you want to pay for X?"?
This is very hard to do since activities are so interdependent. The budget gives a general idea of the relative sizes though.
Take DNS hosting for instance. RIPE NCC provides free service to any TLD that asks. That's fine for poor countries with weak infrastructure. Nobody should dispute that helping them is a good and noble thing and that NCC should be doing that. But serving anyone else means those TLDs are conditioned into getting something for nothing. They get into a mindset that they shouldn't have to pay for DNS service or arrange proper contracts, set up SLAs, put servers in decent IXPs, etc. In short, they don't need to take their responsibilities seriously. That has to be a Very Bad Thing in the long run. Then there's the issue about having so much important DNS stuff on ns.ripe.net. That's a Very Bad Thing too, though I know you disagree with me on this.
I see your point and I actually agree, but you have to put it into historic perspective too. There were no commercial offerings when we started this and none were expected any time soon. This activity has helped DNS stability enormously over a long period. And what about our rescue of ns.eu.net? As a matter of fact most bigger TLDs are no longer using either. So the market works. We are not marketing or improving it. But does that mean we have to shut this down now? When?
Here's another example of how NCC crossed the line IMO. The NCC was involved in the development of NSD. Fair enough, you might think. The gene pool of DNS software is too small. So having another DNS implementation is good, so this was/is a benefit to the community. However one of the NCC's members -- my former employer, Nominum -- was/is selling its own DNS implementation. So Nominum's money in membership fees was and is used to fund the NCC to develop software that competed with and undercut Nominum's product. This cannot be right. [As it turns out Nominum doesn't consider NSD to be a credible competitor or a revenue threat to its software, but that's another story.]
We needed this to responsibly operate k.root-servers.net in the light of extremely serious concerns about server software diversity combined with the requirement for open source. We have helped with the design because that is the best way to get one's requirements met. We have helped with the testing because we had to test thoroughly anyway before using it on K. So the additional effort was not that big and the Internet is now a safer place. And we have done all this *extremely* openly. You could say that I came close to bragging about it ;-).
There may well be further examples of this sort of thing in the other non-core activities of RIPE NCC. Why would anyone pay for a place on my DNSSEC training course (if I was selling one) when NCC is offering their course for free?
Who is selling DNSSEC courses? The whole point of DISI is to kick-start deployment of something that makes the Internet infrastructure more secure in the absence of clear economic drivers. We have done this before, remember CIDR?
I fear that your plans for DNS monitoring will similarly distort the market. Firstly, potential customers -- TLDs, regulators, etc -- will expect to get this type of service for free instead of paying for it as they really should. Secondly, it will prevent commercial operators, some of whom could well be NCC members, from providing this kind of service. Who can compete with free?
Yes, but is there a market? And can this be done independently and neutrally for a fee? Again we needed this for k.root-servers.net operations.
That brings up the concerns about monopolies and cross-subsidies again. Thirdly, this service could become a bottomless pit for NCC resources. What are the current and projected costs and how are they covered?
My estimate of the incremental cost of developing it so far are about 1-2 weeks of a network engineer, and 5 weeks of a chief scientist. However it is based on the network of test boxes and on the RIPE NCC web presence. How do you account for that? Difficult. We also needed something like this for operating k.root-servers.net responsibly. One could argue that the incremental cost to that is even less. But again: This helps DNS stability and Internet self-regulation. If there is another viable business model to do this at the required quality and neutrality I am all for it. I just do not see that.
of NCC extending itself well beyond its core function. Finally, incrementally adding these sorts of non-core services doesn't just entrench the NCC monopoly: it embraces and extends it.
See above. DNS monitoring is an NCC activity since 1991.
Another point. The internet and telecommunications industry has been suffering in the last few years. Budgets have been cut and companies have downsized or gone bust. At this time NCC should be seen to be tightening its belt, not adding new non-core activities.
The RIPE NCC is another kettle of fish than a commercial company. You need stability and neutrality and that has its price! What if you lean it until it falls over at the most inconveient time? Talking about fairness: The RIPE NCC does not have stock options either. Yes I have a relatively secure job, but that's because I think the RIPE NCC is important for the Internet in Europe and I chose for it *in good times* when there were *a lot* more interesting offers in terms of remuneration. Daniel