RIPE 84

Archives

.
RIPE Services Working Group
.
RIPE 84
.
18 May 2022
.
2:30 p.m.

KURTIS LINDQVIST: Good afternoon everyone, I am ‑‑ welcome everyone. This is for the in‑person version of ‑‑ nothing is happening when I am pressing here.
.
Your all time favourite Working Group of course, welcome to the RIPE NCC NCC Services Working Group, I am Kurtis Lindqvist, I am one the three co‑chairs together with Bijal and Rob. This is a reminder that for those of who you haven't been here before, that we have the presentations in here that's going to be followed by Hans Petter and the update on the NCC actually forms part of the GM but they are given here so that all RIPE participants can see them. However, sort of straight after this, we will go into the GM, then we are going to ask you to leave the room and we ask only those who have registered for the GM to come back in, if you have registered for the GM but haven't yet gotten your little GM sticker, this will be your last chance to run out to the registration desk and get them and the rest of us will promise not to laugh at those runs. But ‑‑ so that's just to explain that's part of the GM.

So, a little bit of admin.

.
That's the agenda for today as posted sometime last week. So, we're going to do this admin part. Then it's the NCC update by Hans Petter who, as I said, forms part of the GM, together with the operations update, and then Athina will give an update on the sanctions and Kaveh is going to give a technology update and then we have a very short open microphone session, and we then go to the GM.

So, on the administrative matters. Welcome again. I actually got glasses since last time so that's how long the pandemic was.

We have a scribe, which is... Agenda, I don't think there is any other additions to the agenda. No.

And the minutes from the last RIPE meeting, if I read, were shared on January the 1st. Any comments on the minutes? We had none on the mailing list so hearing nothing, minutes are approved. And then we have one last thing, we as Chairs want to bring up.

So at the next RIPE meeting there is Rob's time as co‑chair is up for re‑election ‑‑ his seat is up for selection, not Rob necessarily, and we have had a very thin candidate field, the last few times we have done this, to put it mildly, and we, as co‑chairs, would really like to see a bit more interest.and I have actually been the co‑chair of RIPE NCC Services since it was founded in 2003, so next time, please re‑elect Rob but when it's my turn after him then I'd like to have someone else to.

On a serious note, we would like to have some more candidates for this. If you do want to find out more what it means, the workload, what it means, please come and talk to us during the meeting here on the send us an e‑mail afterwards and please consider standing not just for the NCC Services Working Group Chairs but any of other Chair sessions so it's a sign of a health community. So please do that.

.
And with that, we are on to Hans Petter who is the next on the agenda.

HANS PETTER HOLEN: Thank you Kurtis. So. My name is Hans Petter Holen, Managing Director of the RIPE NCC for two years and 18 days now.

.
The mission of the RIPE NCC is to be an authority of unique Internet number resources. We enable people ‑‑ that's you ‑‑ to operate and develop the Internet. So unique numbers, the registry, the RIR, that's one of the bits of our commission. The other part is to be a secretariat for the RIPE community, the RIPE community formed us, the RIPE NCC, we are a trusted steward of the open, inclusive, collaberative Internet model engaging with and connecting people and communities. In addition to this we also do other projects and act as a neutral source of information and knowledge, we actively contribute to the stability and the evolution of the Internet.

.
We have published the 2021 annual report and 2021 financial report, the financial report have been audited by our external auditors and approved by the Executive Board for publication.

And formally, we will be approved in the GM later today, I presume.

The highlights from this report is stats on Internet number resource allocations and transfers, updates on our services and an overview of our public policy consultations, in addition to tracking commitments from the 2021 activity plan and budget. So we try to look back and what we planned to do and report on how we have succeeded with that.

What have we been working on since the last meeting?
.

.
All of you know that there is a war going on. The RIPE NCC ex Executive Board met and updated the resolution from 2014 on provision of critical services, and here, we have made it quite clear that the means to communicate should not be affected by domestic political disputes, international conflicts on even war. And you can read the full resolution on the website. We also had a request from the Ukrainian government to deregister Russian IP addresses. And the response to that is that this is unlikely to have immediate impact of the inter‑connection of traffic in Russia, but could have unpredictable consequences in terms of harming the global co‑ordination that is necessary for stable Internet operations.

.
Basically, we are registering resources. We don't have the authority or the power to stop traffic. So, we believe that it is important that the registry stays correct so that you can figure out who is using the address, even if you don't like the use of the addresses or what they are used for. So that's the core of what we are doing and it's really important to us that we stick to that mission.

.
We have informed Ukrainian and Russian members that they do not risk closure if they cannot pay their invoices on time. The reasoning is slightly different for Ukraine and Russia. In Ukraine they are focused on surviving and staying away from bombs and rebuild infrastructure, as you saw in the keynote on Monday, the community is doing great job there to help. In Russia, the problem for some of the members, we anticipated was that the banks were under sanctions. We have, however, seen that Russian members are indeed able to pay, so we do believe that it should be less of a problem for Russian members than we thought.

.
An open Internet still remains a goal. The RIPE NCC has spent the past 30 years work to go support a stable Internet. We cannot take or support any measures that risk undermining the Internet's technical foundations.

I published a blog post on that topic and you can read in more detail what's behind our thinking there.

And we have spent quite some time on tracking on the development relating to Ukraine and Russia and collected them on one page, so if you want to follow our development in this area, please have a look here.

.
In addition to this, my colleague, Emile, presented on the Monday, I believe, quite a lot of research that's been done in how the Internet in Ukraine and Russia is working right now. And the short version of this is really that the Internet has remained fairly stable in both countries. If you want to read more about this, you can see the Labs articles on the Ukrainian Internet, the resilience of the Internet in Ukraine and how Russia is connected to the wider Internet. And the source of this data comes from the services we run like RIS, like Atlas and other measurement services that measures traffic and what's happening in the Internet.

.
Prior to this, actually started before I joined as managing director, there was increasing worry that national or regional legislations in our service region made it increasingly difficult for us and has the potential to affect our operations. Mitigation of the risks of disproportionate orders from law enforcement authorities from a single jurisdiction, we have been investigating changes to our corporate structures to mitigate these risks, but then when we had a blueprint on the table for discussion, the war happened and we basically have to start from scratch again because the world is now even more complicated than it was before.

Recent changes in geopolitical legislation has been fast and predictable but once we have something that's worth discussing after having run this by the Board, we will of course consult with the RIPE community before we make any changes to our governance structure.

.
The registry. And Felipe will talk about that after I have finished. We see that the number of transfers has declined compared to last year and the number of LIR applications also declined after a peak around November last year. The workload remains high due to sanctions compliance. We have automated a lot of that as Felipe will talk about, but I naively said a couple of months ago that once we have gotten the alerts, we can, in a couple of days, determine the current state. That is so far from true. Because we need to do, in that legal analysis of the facts around the members before we can make determinations. Athina will talk more about that later on.

The number of LIRs on the IPv4 waiting list is currently 827, and the presentation in the Address Policy Working Group this morning, Marco shared that this is around one‑and‑a‑half year waiting list before you can expect some numbers here.

.
Sanctions compliance:
.
Represents a significant increase in our workload. First sanctions against Russia are being issued regularly. We have automated, as I mentioned, but all potential cases are treated as if they were sanctions, so we don't risk violating the sanctions because ultimately that's a criminal offence in the Netherlands and I could end up in jail, or Board members could end up in jail if we, on purpose, violate sanctions. That is not very likely with what we have in place. But we need to be on the safe side in this balance.

.
But, as said in the previous Board resolutions, we still want the Internet running and we want people to be able to communicate.

.
We have recently published some articles on RIPE Labs regarding this so you can have a look at that and also the quarterly sanctions transparency report has some numbers on the details there, so you can see what we're up against with the number of detections and how much we have been able to process so far.

.
2022 invoicing. We are a membership organisation. We need you all to pay the membership for us to pay our expenses, but we have difficulty with our banks when we are invoicing our members in Iran and Syria. This is not related to sanctions. We are allowed to receive money from Syria and Iran but our banks in Netherlands don't want to see any funds from these countries. So we have withheld invoicing members in these countries until we are certain that their payments can be accepted so. We are looking into finding other banks that can actually accept transfers from Syria and Iran.

.
We are also told Ukrainian and Russian members that they will not be closed if they cannot pay their invoices on time. Technically we are not waiving the payments, but we are extending the payment terms for one year at a time. We haven't sorted out all the technical details on how we will do that yet, but that is the idea on how we will handle this.

.
So, just to be clear here, we may delay invoicing or grant extensions but all members have the same payment obligations and must eventually pay the full amount and this is to be in compliance with the Articles of Association and charging scheme.

.
We have some services like BGPlay. That has now been integrated with the new RIPEstat user interface. Simpler, clearer, better organisation of options and options are saved across sessions so you don't have to pick them every time. Have a look at this and give us feedback on what you think.

.
We have made some Internet country reports, Bulgaria, Moldova, Romania. Key findings there is that all three countries have a healthy market composition and high speed low cost Internet access. Romania is the biggest exporter of IPv4 addresses in our service region. I didn't quite know that was an industry, but anyway.

.
Despite the large amount of IPv6, Bulgaria and Moldova has a low IPv6 capability rates and good amounts of inter‑connection and diverse array of upstream providers in these countries.

.
By request from our Swedish members, we have made an Internet country report for IPv6 in Sweden. And Sweden has an unusually large amount of IPv4 for its population, which likely contributes to its low IPv6 deployment rates.

The country's top Internet service providers, very greatly in terms of v6 capability, even the top v6 provider lags behind the world's average. There is a good level of inter‑connection between Sweden's networks, both over v4 and v6, resulting in health redundancy.

And if you have been out watching the stands here, you know that the interconnect point in Sweden is one of the most advanced in, at least in northern Europe. So you can talk to them about how they have managed that part.

Domestic traffic paths tend to stay local over v6 and slightly less over v4.

Now, as a Norwegian and they always compete with Swedes, we are better than Sweden in at least one area, we have a higher rate of v6 deployment.

We do some face‑to‑face courses again. But we still continue with e‑learning and webinars but we are so glad to be able to travel and meet with members and do face‑to‑face training. It gives the opportunity for dialogue to a different level than when we do this through Zoom, but you also have the opportunity to do this asynchronously with our e‑learning.

We have a new examine e‑learning in the course in the makes, BGP security and if you are interested you can already pre‑register to get updates.

We have set up pilot partnership with the Dutch government and the regulator in Iraq to combine IPv6 training and certification.

And have a look here if you are interested in formally documenting some of your knowledge in these areas.

RIPE Labs is kind of our publication, magazine where not only RIPE NCC staff but all of you can publish ideas and research and pieces of interest to the wider community. The winner of the first RIPE Labs article competition has been announced, Pavlos Sermpezis and the runner up are here at the RIPE 84. And there are no even podcasts at the RIPE Labs, so you can listen to them when you are travelling to work or cycling or jogging and you also find those on your favourite podcast platforms.

We have a community project fund, €250,000 each year to support projects that work for the good of the Internet. Our next call for applications will be out in June. But right now, we are looking for volunteers to join the Selection Committee and please apply before 27th May if you want to be on the committee selecting the projects.

.
If you are interested in working with the RIPE NCC, we have a number of open positions. So, please have a look at these, and if you may not be interested, if some of your friends or colleagues are, feel free to pass this on, and there may be more openings here in the future.

.
With me to manage the RIPE NCC, I have a management team of Felipe, my chief operations officer, managing the registry and software engineer, Kaveh is the chief information officer managing IT and information services; Hisham is our chief community officer managing well meetings like this, training, public policy and Internet governance and so on. And I'm really happy to announce that I have hired a chief information security officer that will join us on 1st July, and her name is Elinoro Petrido, she is from Greece, she is working in Amsterdam now and I'm really looking forward to get other on board to I see RA the level of security even in the management team. Athina as you know for many years is our chief legal officer. Arlene our HR director is also here, Simon‑Jan keeps tack on our finances and Regina our facilities, and to keep track on the Executive Board and on me, managing this team, Daniella is my executive assistant and she is also here and you may have seen her already at the registration desk.

.
One upon a RIPE meeting...
.
And this is where I think I need help, because I was not here at RIPE 1, so maybe Daniel could come up and help me a bit with this. And you are getting a microphone as well because you may want to say something. Right? So the minutes of RIPE 1 begin with the demand for IP connections in Europe is growing rapidly...
.
And I actually read your first annual report, and I saw that you handed out in the range of 39 and a half /24s the first year or something. So that's kind of amazing deployment, right.

Travelling back in time. And this is where I need help because who are the people in this picture?

DANIEL KARRENBERG: I don't know the guy in the middle. To the left is Martin Therpstra, the first network engineer at the RIPE NCC. To the right is Tony Bates, who was working on a project called provide, if I remember correctly. And this was about policy routing implementation and deployment in Europe. You could call it the pre‑pre‑predecessors of RPKI. And last but not least in the middle is Anne Lord, who was the first Hostmaster, IP resource analysts. So this is the core team, the first four people.

.


HANS PETTER HOLEN: As you may see the picture was from 1993, but the RIPE NCC actually started 30 years ago, and I guess this might be your first offices?

DANIEL KARRENBERG: No. I think that was a conference somewhere.

HANS PETTER HOLEN: And in 1994, the team is growing?

DANIEL KARRENBERG: Yeah, the team is growing and the fifth person is actually missing from the picture. So, you see the same four people on the left, and then on the right, also known as the network police, because he had a very interesting policy that he didn't clear with his boss, which was any patch cable that wasn't on a certain list would be removed from the watch panels without warning. That worked.

HANS PETTER HOLEN: That sounds like a really good policy.

DANIEL KARRENBERG: And to the right is our first intern, Geize Tuchany from Budapest. He was an intern. I don't know this guy.

HANS PETTER HOLEN: If you look at the technology here, some of you may not even have seen this, right? Before computers, we had plastic on overheads. And also, good staff needs to be found. So this was ‑‑

DANIEL KARRENBERG: What has changed?

HANS PETTER HOLEN: Exactly. 1996, slightly bigger team.

DANIEL KARRENBERG: Oh yes. Well, do you want me to name all of them.

HANS PETTER HOLEN: No, no, we can move ahead. But the person on the bottom line ‑‑ some of you might recognise the person on the bottom second from the left, who is now the Chair of RIPE. And the person, the third from the left is Rene Wilhelm who is the second oldest, still serving staff member of the RIPE NCC. And the others are all splendid people.

HANS PETTER HOLEN: And here we are into real engineering. I think it's a Swede on the left.

DANIEL KARRENBERG: Yeah, yeah and k‑root box in the middle with a root server.

Yeah, that was a little later. The interesting thing on this one is first of all, it's in colour. And then the person in the bottom right is our coffee lady. So we used to have coffee ladies at the RIPE NCC who were the only job requirement was that they needed to be able to speak to engineers and get them to clean up their desks especially the food items on the desks, and the other job requirement was to be retired, and it also had a nice implication for us for Texas.

HANS PETTER HOLEN: Sound great. To conclude.

DANIEL KARRENBERG: All my presentations ended always with "It is still fun" and I have to say it still is, just a different kind.

HANS PETTER HOLEN: It is really. And at this point, I will have to share with you that Daniel hasn't seen these slides before and I just dragged him up here, I sent him a message half an hour before I start and I said Daniel I need some help with the slides and he has been all over the place trying to figure out what did I mean by that? He tried to download the slides from the website but they were not there either.

The reason I brought you up here Daniel is the RIPE NCC is 30 years this year and to celebrate the RIPE NCC we also have to celebrate you because you have been with the RIPE NCC for 30 years. So, I wanted to congratulate you with the first 30 years, it may not be another 30 years, but hopefully still some to go.

DANIEL KARRENBERG: I was slightly afraid that you were going to sack me right here. Saying 30 years is too long.

HANS PETTER HOLEN: If you look at the photographer and we can get a nice picture here. This is a nice plaque to sort of give you a small memory. Daniel Karrenberg, "Dear Daniel after 30 years it's still fun. Thank you for everything. Your colleagues at the RIPE NCC."
.
(Applause)

DANIEL KARRENBERG: Well, the only thing that is left for me to say is to thank all the people who have ever worked at the RIPE NCC. The success is theirs, not mine.

HANS PETTER HOLEN: That's very modest, Daniel, thank you.

And that was actually my last slide. So, unless there are any questions, back to the Chair, Kurtis.

KURTIS LINDQVIST: Thank you Hans Petter, and Daniel thank you from me as well, I haven't been here for 30 years but I have known you quite a long time. Any questions for Hans Petter before he goes too far off ‑‑ apparently yes, there is one question in the room.

AUDIENCE SPEAKER: So, I guess it's not so much of a question really ‑‑ sorry, I should state my ‑‑ I am Cynthia Revstrom. It's just to say I am really happy that the weird word pride was mentioned again because I tried to look up what that was when I randomly saw is on a RIPE FTP server in the 2009 it had something saying something along the lines of ancient history, has DFK if you are really interested. So I am happy to see it mentioned again.

HANS PETTER HOLEN: Thank you for that. We have one other question.

SPEAKER: I am just wondering what are the reasons for the Dutch banks to not accept any money coming from Syria and/or Iran because obviously there are no ‑‑ is that it?

HANS PETTER HOLEN: There will be a three hour lecture on that at 2200 together with the BoF later on.

On the more serious notes, there are sanctions and there are multiple types of sanctions. Some sanctions apply to us. Different sanctions may apply to the banks. There are anti‑money laundering laws, some areas in the world have different levels of transparency, so you may think of Seychelles or areas like that, where banks may be not too happy to see large transfer of funds from them. Both Syria and Iran are classified as very high risk in these anti‑money laundering so Dutch banks do not want to receive money from these countries unless this is a very big large client, and we're not, right. So they are very cranky about that, there are other countries that they are sceptical about but then it's possible but then receiving money from these yellow countries, or orange countries, just puts us under scrutiny. But our main bank has said clearly if you want to continue receiving money from Iran and Syria we do not want you as a customer.

SPEAKER: This is up to the own respective discretion and not imposed on to them by say the Dutch authorities or anything?

HANS PETTER HOLEN: That is a very good question but you have to ask the banks that question, because I can just speculate that there has been some cases in the press that has increased some of the bank's focus on this area, because they may have stepped wrong in other cases, and then they have increased their compliance significantly and then looked at us and saying that this doesn't look good, we would like that.

We do have other options and we are looking into them and as soon as we are confident that we can move ahead with receiving money in a compliant and safe way, that does not look likely validation of any laws or rules, then we will inform you about that.

SPEAKER: Thank you.

KURTIS LINDQVIST: And I think that's it. Thank you Hans Petter.
.
(Applause)

KURTIS LINDQVIST: Next up then is Felipe with the operational update.

FELIPE VICTOLLA SILVEIRA: Good afternoon everyone. It's really nice to see you all face‑to‑face again.
I am the chief operations officer at the RIPE NCC. And this is the RIPE NCC operational update.

.
I'd like to start by sharing some ticket statistics and how do we measure success.

The first numbers I'd like to start sharing is the number of policy transfer tickets over time. We have seen a trend offer the last few years in which every year we had more transfer tickets than the years before. You can see clearly this in this chart.

At the beginning of this year, this trend has stopped. So now we're basically back to levels we have seen a couple of years ago. So that's the grey line in the right side of the chart.

.
I'd like to share some numbers concerning new LIR applications. This is a number of new LIR applications over the last twelve years or so. What you can see here is a couple of peaks. The first one was around 2019, where it was related to the IPv4 run‑out. And the last one we observed last year, and in both cases we had more than 5, 600 new LIR applications per month. So that was pretty tough on our staff.

Since the beginning of this year, this trend has also stopped, and we expect this trend basically to continue throughout the year. And that's mostly related to the fact that now we have a waiting list for a /24, and as Hans Petter mentioned and Marco mentioned this morning, there is a waiting time of at least one‑and‑a‑half years until if you join the waiting list now, that's how much time we expect it's going to take until you get the /24.

.
So, going forward, I am sharing now the percentage of tickets that we respond within one business day. Within the RIPE NCC, we have the target to respond to all tickets within one business day. We find that sometimes challenging to achieve because of fluctuations in the workload. And also it might not be the right target, because in the end of the day, you want to minimise the ticket lead time. So, the completion time for the ticket, and not necessarily that you respond to all tickets everyday.

So, our switch is around 95% of all tickets but we find if you go below 90%, the work tends to accumulate. So that's why I flag it in red.

.
So, what you can see in this chart is at the beginning of last year, we were struggling with workload, I have a report about that in the last Services Working Group explaining the causes. It was mostly related to the new LIR applications that I have just shown, and also to a very high number of transfer tickets.

.
The situation has normalised by Q4, last year, beginning of this year it was looking pretty nice actually, you can see it was all green. But then in March, the numbers went down again. And if you think about the timeline, that's related to the war in Ukraine. We had received a high number of queries about billing, about invoices, members from Ukraine, members from Russia, and also a compliance effort. And I am going to talk more about that later today.

.
So, going forward, ticket lead time. So that's a complete time from the moment of submission to the moment the ticket is completely resolved. There is a couple of things that I like to highlight in this chart. The first part is the black area, so this is the longstanding tickets take more than 15 weeks to be resolved.

.
You can see that in the first quarter of 2021, so that's on that side of the chart, the numbers look much worse than this side of the chart. So it's less than half reduction in this longstanding tickets and that was due to a project that we ran early last year.

.
The other point I'd like to highlight is on the green area, that's a bit harder to see just on the chart, so you have to believe me, so these are the tickets that you solved very quickly within a couple of days. And there is an increase in 10% if you compare Q1 this year with Q1 last year. So in other words, we're resolving tickets faster than one year ago.

.
Going forward, membership satisfaction. We have started measuring membership satisfaction in March this year as a pilot. We are using a couple of matrix that are used in the industry, the first one is customer effort score. The second one is net promoter score, so NPS.

In a nutshell, customer effort score measures how difficult it is to perform a certain tasks and NPS is typically used as an indicator for customer loyalty so. It measures the strength of the brand itself.

.
And the idea that we roll out across all the RIPE NCC Services once this pilot is complete.

I'd like to share some numbers now about this measurement. Starting with customer effort score so this is a question that he requested in the survey to what extent do you agree with or disagree with the statement "The RIPE NCC made it easy to handle my issue." So the scores go from 1 to 7, where 7 is strongly agree with this statement. 1 is strongly disagree. In other words, the higher the score, the better. We're measuring this over there, and any score above 5 is considered to be a good store. You can see an average of 6 and a half is a pretty good score.

.
Going forward, NPS now, so this is the question that we ask. "How likely are you to speak highly of the RIPE NCC to your friends and colleagues?"
.
The scores go from 0 to 10, where 10 is strongly agree, 0 is strongly disagree. 10 and 9 are considered promoters, from 0 to 6 are considered detractors and then you calculate the score by calculating the percentage of promoters minus the percentage of detractors, basically if you have zero you have the same of each, anything above that is a good score, so you have more promoters than detractors, anything above 50 is contracted excellent and anything above 80 is considered world class. I am happy to report that we got 79.02 based on 305 responses. I think that's a nice compliment for my colleagues at the RIPE NCC.

.
So to summarise the first part of my presentation. I still have more slides to go. The number of transfer tickets has declined when you compare to the last few years. The same is happening to the number of new LIR applications, so I have these couple of peaks and now the situation is basically going back to the same levels as with we had like five, six years ago.

Unfortunately, the workload remains very high, and that's mostly due to sanction compliance and that's what I'm going to talk about next.

.
And finally, according to our initial measurements, our members seems to be satisfied with our services. However the biggest failing in running a service like this is actually on the low scores, so I can follow up with a members to see what went wrong and then fix the root cause so we don't make the same mistakes again.

.
So now going forward, talking about compliance, European sanctions and their impact, my colleague Athina is going to give a whole presentation just about sanctions soon after mine so you might want to hold your questions until your presentation, however I am happy to take questions on that as well.

.
So, just a quick recap. The RIPE NCC uses a couple of tools for sanction compliance. They are here. The first one provide automatic monitoring for sanction compliance so this means that every time there is a new sanction package, so European Union issues a new sanction package so the sanction list is updated, we receive a notification a few days after that, typically between one week and two weeks after there is the update.

So once we receive the alert, then the actual work starts. So they have to perform extensive investigation before we can actually flag a certain member as a sanction. This investigation involves many people across the RIPE NCC, legal, investigations team, and sometimes and external legal advisor and the whole process can take several weeks and take a lot of work.

.
So with that in mind, I'd like to share the sanction transparency report. We start producing that in Q4 last year. And the idea behind it is to provide a transparency on how sanctions are affecting our members, end users and legacy holders. So I included a link there to the actual report, and compare it to the last time we published a report, which was Q1 this year. There are two additions added to this list, which is a couple of members from Russia.

.
So on top of that, we have a very large number of potential matches that requires this manual investigation by the RIPE NCC, and as Hans Petter just explained, we need to treat those potential matches as though they are sanction until we can prove otherwise.

.
So, we have currently 766 alerts. Half of those we didn't start investigating yet. 173 are currently under investigation. And we have cleared 227 of those, either as false positives or that the sanctions are not applicable to the RIPE NCC.

.
And then the four you can see there are basically the four that I have just shown in the previous slide.

.
So going forward, software engineering, I'm talking about SSO and RPKI.
.
So starting with SSO and our project to modernise RIPE NCC access, RIPE NCC access is our identity management system, it runs on top of a product that's called crowd data centre, and plus we have built a heavy home grown layer on top of it. This solution has a number of limitations. The most important one is that this product is being phased out by Atlassian, and they have a Cloud version as well so it could either move to this Cloud version or to go to another product. Or more likely going to the latter.

The crowd also has other limitations like it lacks some modern factor authentication features, and so on. Or secure integration methods like O auth 2.0. This means if you want to support those features we have to implement that ourselves.

And finally, this home grown layer is very old and has a large amount of technical depth.

.
So, with what we're proposing basically is to replace crowd and do a ground‑up rewrite of this home grown layer. So we want to pick a modern IDM engine and write a very thin integration layer on top. Some requirements for this IDM engine are first that it be secure and also to issue most of the features that are asked by our community out of the box. So we don't have to write or discuss some code ourselves.

.
We are currently assessing different vendors, and we should be done with this project before the end of the year.

.
Now, I'd like to talk about RPKI. And our strategic objectives for 2022. First one is to operate a highly resilient and consistent RPKI trust anchor and repositories. The second is to make sure it's secure, transparent and externally auditable. And finally to ensure that our members have a world class experience with RPKI services.

.
So I'm now going to go through each one of these strategic goals.

Starting with resiliency and consistency, we have scaled up our RDP repositories, before we were running on AWS, now we moved to on premise on a couple of data centres in Amsterdam and on top of that we made improvements by using two different CDM providers. So that's Cloud fair and the other one. The idea is we alternate between these two CDNs every so often.

We are currently reviewing this architecture and deciding whether we need further improvement and we are taking into account requirement both from RRDP and from rsync.

On top of that we are implementing a number of improvements in monitoring, testing environments and measurements and so on. And my colleague, Nisha is going to give a presentation tomorrow in the Routing Working Group explaining more about all of that. So I invite you all to join.

.
Now talking about security and transparency. RPKI core was Open Sourced early this year. My colleague Bart gave a really nice presentation today in Open Source Working Group, so in case you missed, I highly recommend you to watch the recording. It was a very nice presentation.

.
On top of that we have been working on a control framework based on the standard SAE 3000. I have a report about that in the last Services Working Group, so I I don't bother you with all the details again. What we are doing currently is basically doing an audit on this control framework by a different party that helped us to create the control framework.

.
And the idea here is that we might also be looking to different control frameworks as well, things like ISO 10 7001, we want to make sure that all these control frameworks they are operating with each other, we don't have overlaps and so on. And streamline the list of controls. The initial assessment is probably too long so we want to make it a bit smaller.

.
Once that step is completed, then next year we're going to do an audit in the RIPE NCC, and make sure that we are compliant with this control framework that we created.

And finally, we're planning to perform a red team testing this year, so it's all arranged, it should happen at any moment.

.
And finally, this is my last slide. World class experience with RPKI services.
.
This is all about implementing different RFCs from the IETF. The first one is a publishing parent. So this is for organisations that are running their own CA, running delegated RPKI. However, they don't want to go to the hassle of maintaining the repositories themselves to they can choose to publish in the RIPE NCC repositories and we believe this helps.

We are also implementing a pilot for ASPA support, so ASPA is a draft in the IETF, and this is basically the next step for RPKI. So now we have origin validation, so you can validate whether a certain prefix can be original Nated by a certain network, so this is about path validation, it's about describing the relations between the different ASes.

.
And finally, we want to review and improve our RPKI dashboard.

.
So that's basically it what I had to share. I can open the floor for questions now.

KURTIS LINDQVIST: Thank you, any questions for Felipe? Behind me. Elvis.

ELVIS VELEA: Hello. Can you hear me? Hi, Felipe and everyone. So, if you could go back to the slide I think 2 or 3, the one that was showing the number of tickets that are processed monthly.
.
So, I want to say that last year I was quite rough on the NTC and I'd like to applaud you this time, you are showing a lot of improvement and the service levels are getting to a very acceptable level. And so, that's one thing.

Second thing I wanted to mention was that I'd also like to applaud the introduction of the several APIs in the LIR portal, I notice that you haven't mentioned much about it but this also comes with a small request I'd like to ask you to analyse if there is a possibility to introduce an API for transfers requests as well. Right now there are APIs for requests of resources, and some other options, but ‑‑ yeah, a request for me if you could analyse if there is any possibility to introduce that as well.

And lastly, the ticketing system introduction in the LIR portal, while it's not ideal, it's much much better than the one we had before, so once again, good job there too.

FELIPE VICTOLLA SILVEIRA: Thanks Elvis, I really appreciate the compliment. Yeah, about your suggestion for the API, what I would ask is to actually send an e‑mail to services so we can actually add that to our quarterly roadmap so we can also prioritise against other requests from the community. But, yeah, thanks very much.

KURTIS LINDQVIST: Thank you, Elvis, Cynthia.

CYNTHIA RIVERSTROM: Cynthia Revstrom, and my question, or not question, but more like feedback would be that I do feel like it's a much better option for authentication SSO to go with another option instead of going for a Cloud option as it's a very critical part of the NCC Services, it's important that someone else's outage doesn't cause the NCC to have issues, seeing how critical the NCC access is for many things, especially if maybe our host RPKI to not be able to fix those things. However ‑‑ so, and also that if possible, having a solution that is based on Open Source software or entirely Open Source would be preferable, because everyone could audit them. So, I'm not sure what solutions you are looking at, but if ‑‑ I think that kind of things, those kind of things should be taken into account.

FELIPE VICTOLLA SILVEIRA: Thanks Cynthia. Theo is here, is he, is listening to this so it means that this will be taken into account in our project.

SPEAKER: Frederic, AWS, I am really happy to see as the operational plan and we were happy to participate in that. I was wondering if you also had BGPSec on your mind to kind of look at that and if not, how can we put that on the table and see, you know, I mean that's kind of the long‑term thing I think, but like we need to start somewhere.

FELIPE VICTOLLA SILVEIRA: Yes, that's coded on the last bullet point about refactoring the user interface. One of the reasons that if we are going to add the ASP object there or BGPSec there, we are going to litter the dashboard, so the idea that we redesign it so that we have enough space and it still looks neat and still works properly. In summary, yes, we are looking into that as well.

KURTIS LINDQVIST: Apologies, I think I skipped one person.

HARRY CROSS: No problem at all. Harry Cross. I do just want to commend the NCC as well for the ticketing system, because one the biggest pains that I have had as an LIR is keeping track of a ticket and what's going on there. But I would like to ask if it's possible at all, could we think about getting access to the role Zendesk instance behind everything because I find that that displays things a lot easier and has often been a lot better to work with, especially, because I have noticed some performance issues on the RIPE portal and I am wondering if that was something that could be considered?

FELIPE VICTOLLA SILVEIRA: Yeah, back in the days that we decided to do the improvements in the LIR portal, one of the alternatives was to offer access to the Zendesk portal itself and back then we decided not to. I don't know exactly the details but it didn't meet the requirements that we had.

SPEAKER: Yes, because I know that I'm looking at e‑mails from a year ago on a mailing list where support times were rather high, and people were complaining that there was no way to see what's going on, but I am happy that that's fixed. Thank you.

CHAIR: We have a question from Dmitri Severov who is asking if sanctions will grow, how do you think it be neutral if we would use private clouds? The question is: If sanctions will grow, how do you think to be neutral if we will use some private clouds. Presumably that might be thinking about if we end up using clouds in a country that is sanctioned.

FELIPE VICTOLLA SILVEIRA: I'm not sure if I understood the question properly.

KURTIS LINDQVIST: If the cloud service that the NCC is using would be sanctioned ‑‑

HANS PETTER HOLEN: Hi. So, any subcontractor we use, whether it's Cloud provider or anything else like a data centre, may be subject to sanctions and may like our banks, not like what we're doing, and put pressure on us to do something else, right.

So we need to select all our subcontractors with care. So, with selecting of any subcontractor, it's a bet, are we able to do this better our self or is it better to outsource it? And that whole balance has been changed a lot with sanctions. So, there is no easy answer to that. It's something that we are discussing a lot internally, there has been ‑‑ there will be a presentation by Kaveh later on where we talk about criticality in services and so on and that's a very important piece in that discussion.

KURTIS LINDQVIST: Thank you and with that I think we are through all the questions.

So on that note, next up is Athina on sanctions.

ATHINA FRAGKOULI: Good afternoon everyone. My name is Athina Fragkouli, I am the chief legal officer of the RIPE NCC.

And today I'm going to talk to you about the sanctions and how the RIPE NCC is handling them.

I would like, first, to give you a little bit of legal context.

So, compliance with EU sanctions is obligatory. We have no option. It's important to understand that for the enforcement of EU sanctions, responsible is the Dutch authorities for us because we are an association under Dutch law. There are always questions about what about UN sanctions? Well UN sanctions are incorporated to EU sanctions. They are not directly binding. So this happens through EU sanctions. And, again, the Dutch authorities are the ones that are responsible for the enforcement.

.
There are two big categories of EU sanctions. The first relates to the provision of service to a specific country. The RIPE NCC Services are not included to this kind of sanctions. So, we're not like prohibited to provide services to a country. There is another category of sanctions, that is about the provision of economic resources to specific organisations or individuals.

The registration of Internet number resources is indeed considered to be such an economic resource. We take this very seriously, compliance with sanctions, because failure to comply is a criminal offence. What does that mean? That the penalties may vary from fines to imprisonment for up to six years.

.
Also something that is very important to highlight here is that although we are not allowed to provide economic resources to sanction entities, legally, we are allowed to get payment from sanction entities, and this is important when we talk about the membership fees.

.
I'm going to give you like an update of how we dealt with sanctions in an chronological order. The first time we encountered the sanctions issue was back in, it was ten years ago actually, in 2012. It was then when we received a letter from a lobby group questioning our relationship with Iranian members that since we have Iranian sanctions in the EU. What we did, we went to our authorities, actually, to ask whether we were violating anything because our understanding was that we do not. And we got a confirmation from the Dutch authorities that indeed the RIPE NCC Services are not sanctioned. Of course, we implemented a process whereby we would carefully process all the membership applications and would reject applications from individuals, organisations in the sanctions list. That does not just include the organisations in the sanction list, it includes also organisations that are owned or controlled from organisations in the sanction list. So‑called indirect sanctioned entities.

.
In 2014, there was a discussion in our mailing list. It was about the situation in Crimea, and that led to an Executive Board resolution on the matter of political disputes. The Executive Board expressed a belief that the means of communication should not be affected by political discussions or dispute, and they confirmed the commitment to take all lawful steps available to ensure that the RIPE NCC will provide services to the whole membership across the service region.

.
Now, two years ago, in 2020, we had another issue. We were alerted that two members were sanctioned. Once we found out that this is the case, we immediately froze their resources and we asked for clarifications, again from the Dutch authorities. We also requested an exemption of the ‑‑ from the sanctions from the Dutch authorities. Unfortunately, the reply was that there is no legal basis for an exemption for our services, or for the registration of Internet number resources. However, they confirmed that yes, indeed, the registration of IP addresses is considered to be economic resources in line with the legislation, sanction entities cannot receive more Internet number resources, and existing registrations must be frozen in order to prevent transferring.

.
Most importantly, they said that the registration of their current resources is not required. So that was actually a nice message we got from them.

.
Now, we had to update our sanctions process to make sure that we won't have such alert again in the future for our members. Our updated sanction process was evaluated and reviewed by an independent auditor, Ernst & Young, they came back with a positive outcome.

So all of our current members and end users were screened, once again. As Felipe said, we have two third party tools that helps us with the screening, they automate the process, but that's not enough, there is still a lot of work, annual work that we have to do, especially when it comes to indirect sanctions there is a lot of research that we need to do to establish whether there is control or open source from sanctioned entities on our members.

.
During this investigation, from the moment these entities are flagged, we freeze the resources to make sure that we do not violate any sanctions law and this is very important because the liability exists from the moment of violation. There is no grace period, there is no best‑effort basis.

.
I must also say that the moment we receive a request from one of these members that are under investigation, this investigation gets prioritised, so this way we are trying not to delay any false alarms.

.
Dutch banks is a different chapter. As Hans Petter said, they have their own restrictions. They have to comply with anti‑money laundering laws. They have their know your customer requirements. They have a list of countries they consider as ultra high risk and they don't accept payments from them.

.
Syria and Iran were, both these countries were on this list so we had to clarify the matter with the banks before we invoiced them. Eventually in 2021 we did invoice the bulk of the members in Iran and Syria.

Which leads me to the present situation, the sanctions against Russia.

.
We had ‑‑ we have been dealing with six packages of sanctions in less than two months, the sixth hasn't been confirmed yet, but in two months, like six packages is a very dynamic environment. So, the good news is that none of the sanctions are prohibiting RIPE NCC Services ‑‑ the provision of the services to a country. So that's good.

.
Again, the target is the economic resources to listed entity, and this is where our registration of Internet number resources is applicable. So we have a lot of new individuals and companies that are added to this list. Of course, the third party tools are flagging them and at the moment, these members are flagged we don't allow any registration updates.

.
It is a very ‑‑ it's a very time‑consuming exercise, and it's getting frustrating sometimes because the moment we believe that okay, we have cleared up these members, they are back and flagged once again because of the new sanctions. So we have to start over every time, and the list is getting longer and longer, there is a lot of manual checks that we have to do, background checks, we have to go back to the members and ask for more information. There is a lot going on.
.
So far, we're sure that two Russian members are sanctioned, and an investigation for others is still ongoing.
.
The payment obligation from Russian members:
.
When it comes to sanctions, Russian members, I have to highlight once again that we are legally allowed to receive the payment, but our banks impose further restrictions. So, the idea is that we postpone the payment, but they will still have to pay eventually, once the sanctions are lifted or the bank restrictions or lifted, or in case we come up with long‑term solution, now we're investigating the corporate structure, as Hans Petter mentioned, eventually we'll find way for them to pay.

But non‑sanctioned Russian members, again we are legally allowed to get the payment. This time the problem is their banks potentially, because there are restrictions on some Russian banks. Therefore, we allow them some extra time to make this payment, and this is not the first time we have done that. In the past we have done something similar when members face their local bank's restrictions.

.
So, for 2022, this is an overview of how we deal with the sanction members.

.
Sanction members, from Iran, Syria and Russia, their registration is frozen. We don't send invoices, but their fees are still due, and this is because of the restrictions from our banks, from Dutch banks.

.
Non‑sanctioned members from Iran, Syria and Russia, we are allowed to provide RIPE NCC Services with no problem. Non‑sanctioned members from Iran and Syria, we haven't sent invoices yet because they are considered to be ultra high risk countries. Non‑sanctioned members from Russia, we have sent the invoices, we allow them some more time because of the restriction on their banks, on Russian banks.

.
The Executive Board had to come back again, reiterating the resolution of 2014. This time they are not just talking about the means of communication affected by political dispute, but they are talking about international conflicts of war, so the scope is a little bit ‑‑ it's broader than before. And, again, they are committing to take all lawful steps to ensure that we can provide undisrupted services to all of our members.

.
It's important to explain, also, why this is ‑‑ why the RIPE NCC must be neutral. If we're neutral, we guarantee equal treatment to those that provide Internet services in our service region. And the RIPE NCC, being a source of authoritative data, is important also for the function of the Internet, the global Internet.

.
And finally, I would like to finish this presentation by highlighting again the Executive Board's expression of solidarity with operators that have the difficult tasks of maintaining Internet access, just as the people suffering from the terrible effects of armed conflicts and war.

.
Thank you.
.
(Applause)

KURTIS LINDQVIST: Thank you Athina, so are there any questions on the RIPE NCC's response to sanctions and how you deal with sanctions? No. Oh, one, sorry.

SPEAKER: Not the sanctions part. You have a banking issue receiving funds, I am at the head, I don't represent anyone any more, just myself. I am this awesome guy who is friends with everybody.

.
So, you have an issue with the banks, and some banks have implemented restrictions on receiving money from Russia or sending money to Russia, and that's happened all over the world regardless of whether they have been sanctioned or not. However, you also have an office in the UAE and the UAE has not recognised any of those, why don't you receive the money over there since the Dutch government doesn't mind. If they have an issue I'd say don't take the money. If the Dutch government doesn't mind take it in the UAE and then transfer it in, that's my comment. Thank you.

HANS PETTER HOLEN: I have a ticket booked to UAE on Wednesday and I now have a residence permit there as well.

KURTIS LINDQVIST: Any other questions then? No.

Okay. Thank you Athina.
.
(Applause)

KURTIS LINDQVIST: Sorry, next on the agenda is Kaveh with the technology update.

KAVEH RANJBAR: So, hello everyone, my name is Kaveh Ranjbar, I am CEO of the RIPE NCC, since we have ten minutes for this slot, I will quickly go through the first part which is an update on what we have done and what we are going to do until next RIPE meeting. I promise next update I provide I will go in detail about those, but please download the slides and talk to me if there are any questions or comments on the usually things we do in technology.

.
So first let's start with the public service announcement. You have seen this slide before in MAT as well, if you attended the session, but basically, the idea is we are reworking a lot of parts in RIS, and including the website, there is some new research published and improvement in prototypes. The important message here is we are actively seeking interested peers, if you are running a network, please talk to an e‑mail, Michela or Florian and myself and we'd be more than happy to talk to you and set up peering with RIS.

.
That said, as I said I will go very quickly through this set of slides, because I want to focus and use the time for service criticality.

We are doing, or we have done some work, especially on the e‑mail infrastructure, the important part maybe because it was discussed in the community, we removed completely our dependency on Spamhaus, so basically, the only spam score we get is from spam city.

Ongoing, another thing maybe to highlight, we are focusing on Mailman 3, proof of concept, using containers and also we are going to transfer some you are our internal mailing list to Mailman 3, in consultation with the community and the Working Groups, hopefully we will rollout Mailman 3 for our external mailing list as well.

.
So, in DNS, highlights. We reduced the TTL for NS and DS records, this was discussed in the DNS Working Group and tomorrow there will be an update about that in the DNS Working Group. We also worked from KSK and ZSK to CSK. This is how we sign for DNSSEC. This is a simpler compact method is much more suited to us. It doesn't change anything in how secure our signing process is and matches our processes much better. One last thing on, in this slide is public upstreams, if you really want to receive RIS realtime from the fire hose as it was again discussed today in MAT, we are working on a prototype so you can basically completely link to our Kafka stream and get all of the stream, which is a human amount of data but everything we receive from all the BGP peers realtime.

.
So in research, you have already seen in that Hans Petter's report, I am not going to go into further detail.

For RIPE Atlas, the new version of probes are available. We are going, we are doing the final tests. And then we are going to start shipping physical probes after a pause, which we had in the past few months. You can see an example in the Atlas desk which is just outside and for RIPEstat you also saw the slide before.

The whole idea of the project started with the community when we talked about Cloud and migrating to Cloud and exactly as we saw a few minutes ago, the main question was Cloud or any other third party that we would outsource services to, one the important parts is to determine how critical is that service and how, if we rely on a third party, how much of our business will basically rely in the hands of that third party?
.

.
So that's why, after starting working on the Cloud framework, we basically see a big gap that we need to be able to define criticality for any service we might want to move to Cloud. We published the Cloud framework, that was in close consultation with community over a few meetings, and articles, and we have that but we have identified that gap and we said services that need to be moved to Cloud has to be basically assessed for criticality, and the highest level, we either would never migrate or if we data networks we would make sure we have a look‑up which is in realtime can take over and for other levels, it is in the document, the link is also in the presentation which you can check later.

.
So, we provided first draft of the criticality framework last RIPE meeting. It was received well. We had good discussions in the services. But the main comment which we received consistently was that it is too complex, and indeed it was. It was basically 3‑dimensional way of assessing and then getting to a score.
.
So the new framework is much simpler, it's basically a scale of four point scale system from low to very high. And it looks at three components. Service availability, data confidentiality and integrity. For each of them, we basically expect to have one score, and I will explain how we would get to that score. And the highest score will be taken as the criticality. So if a service for example, let's say RIPE Database, for data leaks, I assume, we don't have anything which is not publicly provided in the RIPE Database, just as an example, then it might be low but of course outages might be very high the criticality, so then the criticality for the RIPE Database would be very high in basically providing, sending it to any third party provider including Cloud or any other contractor which might do work on it.
.
And basically, it is based on the impact on the worse‑case scenario, so this is exactly what I said in the chart form. So we would look at the impact externally from global routing, how it would affect global routing if a service fails, how it would affect our provision of IPs and ASNs and global DNS. Internally we also have our own set of things, legal, finance operations, and based on that, whatever the highest score would be the critical rating of the service.

So these are these are taken from the status page on our website and the list is also up for discussion, we just wanted a starting point. There is clear instructions on how to discussion also the list. But as you see, there is a list of services we are starting with, and we have also identified the community that we think is responsible and the main discussion about the service will happen there.

.
So looking through that list, basically, what we expect is we would go to the respective community and ask them to rate us for that service if we want to come ‑‑ provide a move any part of that to the Cloud or basically have to assess criticality for any other reason, including having a third party providing different type of services.

We'd ask the community, work with the community to basically answer these three questions. And the answers don't need to be from low to very high. They can actually be in text.

We have also this guideline published, so, in case of, I would use DNS. If the text, the discussion in the community goes oh, it's no impact on DNS or it will be local issues, local issues would translate to medium. So we have also this guideline which would help to basically keep the balance in how we would score between the four.

.
We would receive that from the community. That will be of course the bare minimum, whatever we receive, let's say if the community says the impact for this service is high, we would never go below high, but then we would also do our internal investigation, which is exactly the same framework, we have our internal ones for finance for example, financial impact, legal impact and others. And if any of those are higher, then the criticality of the service will be marked as higher. Otherwise it will be basically what came out of the community discussion or consultation. So it will be either what we have at the community or higher than that.

.
And basically, with that, we can apply it to the Cloud. That was the main reason we have that, and if you remember the whole discussion on the Cloud, we had the security controls framework for the Cloud and the outcome of the confidentiality and integrity rating will go to that framework, and it is already published on RIPE Labs, and there is a clear space this can be plugged in. And the availability component will go to the crowd strategy framework which is again published and linked in the presentation, published on the RIPE Labs, and that would feed to that.

So based on that we can easily decide if we can even move a service to Cloud, and if we can, what are the requirements, what are the criteria that we have to make sure if we move, migrate the service to the Cloud, what we need to make sure are the minimums.

.
And basically, based on that, I would really like to invite you all to participate. The article is already published earlier this week on RIPE Labs. Please have a look. Let's have discussion. As I said, this is still a proposal from us. But ‑‑ and a discussion on Cloud between the community and the RIPE NCC took a while but actually the outcome, I am very happy with the outcome personally, the reason being that when I look at the whole package, the three framework ‑‑ the three documents we have, they form a nice framework which is not related only to RIPE NCC. So, it can be used, hopefully, by other organisations and our community and members to assess if they have services, and in their thinking about basically out sorting them to third parties, having Cloud providers or just decide how critical they are. This framework is a mix of technical and risk analysis, management basically ideas, so it can help a lot, and hopefully it can be used in other context other than between RIPE NCC and its community.

So that's that. And any questions or comments?

KURTIS LINDQVIST: Any questions? No. Okay. Thank you very much.

(Applause)
.
So, with that, we have come to the open microphone. So this is where you can ask questions or make suggestions, I guess, for NCC Services from the community, or ‑‑ I was going to say bring up any other topic but let's limit that slightly.

Seeing none. That means we are all done. Thank you for today. Please leave ‑‑ oh, oh!

MIRJAM KUHNE: I wanted to wait till the very end. This has nothing to do with this Working Group, just a general announcement, actually two.

The first is we found an iPhone that's at the registration desk this morning already, so, if anybody misses their phone, please go to the registration desk and the other announcement is there was a blip in the voting system for the PC elections. We're working on it and that should be back in about a half an hour or so.

KURTIS LINDQVIST: Okay. Thank you.

SPEAKER: Hi. I am Wolf representing myself. One of the things I have noticed during the earlier talk around the technology is that a lot of it was whether to move things to the Cloud. But I remember when this discussion came up several meetings ago that one of the big points people were not happy is what Cloud you had chosen to move to. Is there still a consideration for like okay, is there still already a decision on what Cloud you are aiming for or are you still figuring out if you are going to move to the Cloud, where you are going to move?
.


SPEAKER: Yes, that question is addressed in the Cloud framework document. So it's not that we are going to work only with one. We have, we have the criteria, including for example being European is part of, or at least presence in EU and GDPR compliance and all of that is part of that also within the RIPE NCC, which is also mentioned in the Cloud strategy document. We have basically a competition Cloud ‑‑ competition framework which we do internally, so we assess at least three providers for any new service that we want to get. So those two are in the framework, but in reality, what will happen is we don't see that we will use more than two or possibly maximum three Cloud providers in the long run, because just both from financial, from legal, contract management and then a lot of other basically services that we get from these providers, its much easier to work with smaller number of providers. But of course we have the list of criteria and we are very keen to find a fully European, Europe based provider which ticks all the requirements that's mentioned in that document. If we have that that would get really high preference.

KURTIS LINDQVIST: Thank you. Right.

Okay.

DENIS WALKER: Okay. I have got one question. Dmitri is asking do we have some discussion about changing payment scheme for IPv4 inside the RIPE NCC and for that I'll point him towards the discussion in the General Meeting.

KURTIS LINDQVIST: That is correct. Hang on. The CEO wants to add to that.

HANS PETTER HOLEN: So, we did propose and have discussed during the winter a new charging scheme. We did, however, decide to not put that on the agenda for this GM, due to the uncertainties relating to the ongoing war in Ukraine, so we thought that it is better to postpone that discussion and take that up on the next RIPE meeting.

So, yes, we have been thinking about that. There are some RIPE Labs articles and there has been an open house that has been recorded so you can have a look at that and then we will come back to that before the next meeting.

KURTIS LINDQVIST: Thanks Hans Petter.

Okay. With that, quickly, I think we are done. So, thank you all and we'll see you at the next RIPE meeting and now, as I said before, please leave quietly, but more importantly, speedily, so they can start the GM on time. So thank you all.

(Applause)

LIVE CAPTIONING BY
MARY McKEON, RMR, CRR, CBC
DUBLIN, IRELAND.