RIPE NCC Services Working Group
24 May 2023
2:30 p.m..

KURTIS LINDQVIST: Right. We are going to get started because we are a little bit stretched for time. I am Kurtis Lindqvist I am one the three co‑chairs of the NCC Services Working Group, Rob and Bijal, she is monitoring the Meetecho and Sander is monitoring our time keeping. So, this is, as you all know, your most favourite Working Group. It's the NCC Services Working Group. If you haven't yet seen this and getting tired of me, I'd like to remind you that in October you have a chance to vote me off as Chair so you won't have to see these animations again. You have a chance to select someone else than me and that will be the end of these animations.

Right. If you can't get a better motivation than that...
The agenda for today, we're going to do the administrative matters and welcome, which I'm doing, followed by an update from Hans Petter, followed by the technology update and registry update from Felipe, and then Fergal is going to talk about the upcoming NCC survey, and then we'll have a discussion about the 2023‑03 voluntary transfer lock discussion and the next steps on this. Then Christian is going to talk about Board as a service, as this is his last RIPE meeting as a Board member, I believe. And then we'll hand over the microphone. This is a rather tight schedule because after this we have the GM. And this is a reminder that if you haven't registered for the GM or picked up your sticker, now is pretty much your last chance to do so. Please go do that, as well as that the Hans Petter presentation is considered part of the GM even though it's not in the GM.

So, with that, we'll move over to the administrative matters.

The welcome done. We usually get a scribe selected by the NCC, which I hope happened this time as well. If not, we might have a little bit of an issue.

STENOGRAPHER: It's okay, I'll save you!

KURTIS LINDQVIST: We have a scribe. You have seen the agenda, any last additions to the agenda? No. Okay. Next is to approve the minutes from the last RIPE meeting, that was shared to the mailing list. There was no comments on the mailing list. Any last comments before reapprove the minutes? No.

Minutes approved.

So, with that, I am going to hand over to Hans Petter.

HANS PETTER HOLEN: Sorry for the confusion, I was just double‑checking that we do have a scribe and we have a scribe who is remote and backup, Robert, so it should be well taken care of.

I'm going to talk about RIPE NCC in the past before run‑out when everybody was happy. Then I started and we had disruptions look pandemics, sanctions, war, inflation, regulations. Declining LIRs, increased compliance led to increased costs, but I assure you that we are listening and we do want your input. So that's hopefully the takeaways that you will have after this presentation, so I will talk a little bit who we are, the RIPE NCC, how we plan, looking back before run‑out, looking at the transition and disruptions and the annual report for 2022 and also touch a bit on the activity plan and budget for this year. And try to guess a bit into the future.

So, the RIPE NCC has a vision to shape the Internet, the future of the Internet together with you. So, if you look at the associations articles, it's not only about registration but it's also will co‑ordination, administration and new activities. So, I have seen a lot of messages on the Members Discuss that we should just be a registry, the RIPE NCC will set up as the secretariat for the community and started up with doing more than the registry, we have always done more than the registry.

So, together, let's shape the future of the Internet. We have a mission in our current strategy which predates me, we polished it a bit when I started ‑‑ to be an authority on unique Internet number resources, to enable you our members to operate and develop the Internet. That's the registry part.

We also want to be a neutral source of information and knowledge and actively contribute to a stable innovative Internet. This is where our measurements services fits in.

But we also are a trusted steward of the open, inclusive, collaborative Internet model, connecting people, communities and stakeholders and that's why we're doing meetings like this. We are doing outreach, we are bringing people together in order to collaborate, foster collaboration and make a better Internet.

We built a strategy in 2022, we discussed it publicly, we took input, it was finally polished and decided by the Board.

First and foremost support an open, inclusive and engaged RIPE community. Secondly, operate a trusted, efficient, accurate and resilient registry. Thirdly, enable our members, you, and community to operate one secure stable and resilient global Internet.

To do this we need an available organisation with a robust governance structure, we need solid finances, we need a Board elected by the members. And there is an election later today and I am looking forward to have the members decide who is going object tonne the Board. There is also a vote in the GM on the charging scheme, and that's really setting maybe a change in the charging scheme that we have now had for ten‑plus years, or it's a vote against, and we will then, whatever the decision is, work on that as input to our planning process.

But none of this is possible without having engaged, competent and diverse staff. So that's the five pillars in our strategy.

For 2023, we have picked five focus areas. The first one is to be resilient in the face of political, legislative and regulatory changes that have the potential to affect our operations.

Yes, you hear sanctions, you hear war and you hear more regulations like GDPR, analysis to security laws and whatever.

Secondly, secure Internet number resources by developing and operating a resilient externally auditable and secure resource certification trust anchor and support RPKI. We need to together secure the routing system in order to improve security of the Internet. RPKI is just one of many security mechanisms that we need to implement, or actually you, our 20,000 members, need to implement. We can help on that, we have the RPKI service so you can get your ROAs signed, but we need to also train you and do outreach so that you implement this.

We want to be a centre of excellence for data measurements and tools that provide insight of the Internet and its operations. That's a focus area to see all the data that we have collected in RIS, Atlas and make available in stat and through other means that we also now work on visualising that, making into actionable knowledge that can be used to make decisions.

We also have an increased need to maintain security and compliance with best practices and applicable regulations.

The difference from 20 years back is enormous in the focus that there is on security in the network, cybersecurity, compliance with regulations and the expectations from governments.

Of course, none of this again is possible without the staff. Maintain a healthy organisational culture and engaged staff aligned with organisational values. We have invested in management training at all levels right down to training of staff as well in order to build a strong organisation.

So, there has been some questions about how do we plan. We are now putting forward a vote for the charging scheme and that is the input when once we know how much money we have to the planning of the how we will spend the money. So each year we make an activity plan that is approved by the Board in December. Then we execute on that and we present an annual report at the end. So now we are presenting the annual report today and in the GM, the financial report, on what we did in 2022. And then we already made the activity plan for this year. And then in the autumn meeting, we will work on the input to the activity plan for next year. So we have a planning cycle that is halfway overlapped. I have seen people arguing that we should start the planning even earlier. I know that some organisations like ICANN do that, they have the plan even one year earlier, but that adds a lot of overhead on planning. I'm sure that most of you wants to get your job done and then plan the next job, so doing planning before you have finished the previous task is awkward and I think the cycle we have here we figure out how much income we have and then we make planning for the spending is a good planning circle. That was the recommendation from the task force back in 2012. The members asked for predictability and knowing as early as possible what they are going to pay.

Of course that can change, but this is the way we do the planning.

Right now we're done in May and we're presenting the financial report from last year and we're voting on a charging scheme. In September, we will do a draft activity plan on budget, we will publish that before the GM, you can all comment on it and we will discuss it and then the Board will approve that at their December meetings. The members approve the charging scheme, the Board approves the budget.

So this is then the sort of yearly cycle. In between all this is planning, it's important that we have focus on execution as well. It shouldn't be all about the planning. We have to implement the plans too.

So I put the researches here so you can look this up.

Now, going back. I saw in the mailing list that Members Discuss list, that some people started to look back to 2013. Now, that's ten years ago. That's way before I took this job. I have been here for three years now. But still, it's interesting to look at the numbers.

So, in that period, we grew from 9,899 members up to 25,000 and the cost per LIR went down from 1,900 to €1,200. Everybody was happy, the RIPE NCC could grow, the members paid less per year. And no questions asked.

Looking at the numbers, the number of LIRs increased by 154%, So two and a half times number of LIRs. At the same time, they increased the number of FTEs with 16, so that's full‑time equivalent, so not number of heads but number of staff. So if you are working half time you have half an FTE. Total cost increased with 66%. In this period, the inflation was 10% so in reality the total cost increase with 55% while we had an increase in LIRs, 154. The cost per LIR went down by 35% in this period.

So, 2019, the RIPE NCC is caught up with increased focus on sanctions. We have regulations, GDPR has been there for some years, but that has added additional scrutiny and compliance requirements on the organisation. We have the security regulations from EU. We are not subject to them but they set an expectation that we should be ‑‑ it should be possible for us to be auditable and held accountable for security and compliance with our services, and to our national security regulations and we have 70 countries in our service region and they are all looking over our shoulders and seeing can we trust the RIPE NCC and we need to demonstrate that to them.

Banks have increased their scrutiny due to anti‑money laundering regulations and sanctions. They don't want to accept any transactions from anywhere anymore, they are checking them. If they think the trust anchors is suspicious, then they will stop it and they will contact us from. We have the pandemic coming in, I started during the pandemic which was a great experience but it was really great to see that the organisation had moved fully virtual, including training courses and everything.

Then came the war, which puts additional strain on, personally, my colleagues from the Ukraine and Russia, our members from Ukraine, our members from other countries, and we have had war in other countries in our service region that we have kind of forgotten about because we are used to that. So this is something that ‑‑ adding to our stress level, everybody's stress level. As a follow‑up things, we have the energy crisis, we have inflation.

Now we have done a lot of mitigations, that all costs money or resources in some way. We have established a security risk and compliance team led by the chief information security officer. We have increased the legal team. We have invested in automation of sanctions screening. We have started to implement formal compliance for frameworks for RPKI. And we have done a lot of manual clean‑up in internal systems. We have databases back to the nineties, and there are things there that have required manual clean‑up that have required consultants for a period of time.

We have reviewed all or job descriptions and conducted external benchmarking. We now have a better salary system. So we don't only have engineers and senior engineers, but we also have specialists at principal levels so it's possible to keep good engineers as specialists and not promote them to monitors because they really want to focus on their skills. And we are also then competitive in the market.

And we have implemented new financial governance, so we have much more control of all the spendings and there is proper approval of all costs.

So, what does this mean for the numbers then?
We lost 7% of the LIRs in this period. The FTEs increased by 10%. I told you I have hired more lawyers and I have hired security people. We have added more people to the registry for the other workload. And the total cost increased by 9%. At the same time, we had 17% inflation during these years. And the cost per LIR increased by 16%, so slightly less than the inflation.

So, going to the annual report. How many have actually read the annual report? Okay, so we put all this effort into producing a very nice and beautiful annual report and nobody reads it. So I have taken some screenshots from it so you can see what's in it.

There is a highlight of the year on a timeline so you can see all the events that we have been ‑‑ that we have had. There is an overview of the members. You can see which countries we have the most members, where we have the top growth. And the LIRs per countries.

There is an overview of the transfers. You can see most transfers happen within France, Germany and Russia.

And the inter‑RIR transfers are mostly with the ARIN service region. AFRINIC is not here. They don't allow inter‑RIR transfers at all.

Reports and investigations. One interesting thing here, when I looked back at reports to 2013, is that the number of hijack investigations in 2013 and 2022 were approximately the same. While all other kinds of investigations have increased significantly. And that's a good thing for the Internet.

We're not only about numbers. We also operate one the 12 route name servers, one of the 13 letters. Our lettered k‑root has around 100 instances and that's out of a total of 1,700 instances among all the operators. It's really a massively redundant network and we're operating this for all of our members, 20,000 members chip in to operate vulnerable route servers to create a stable root in the DNS system. It costs us about a million a year, so it's not terribly expensive but it's really important.

We have measurement services. We have RIPE Atlas, more than 11,000 probes where you can run your own measurements. We have RIS collecting BGP routes from a lot of places around the world, so you can see what your routing announcements looks like from multiple places and we have RIPEstat which is kind of a looking glass into this on the other sources of data where you can look up and see and analyse data.

We have had a lot of events. Again in 2022. The two years before were not that many. We are doing training courses, both webinars and in person, and we also have certifications for a database associate, for IPv6 fundamentals, IPv6 security and BGP security. So this is all about deploying modern technologies and using our services and securing the Internet, which we believe it's important that we help you doing

NOGs and regional events. We don't only bring people no a central eventuality. We're here in Rotterdam, and there are, I don't know how many hundred we are now, I think it's more than 400 in the opening, so I think now we're 700 or something already. And it's great that a lot of people can meet. But we also travel out so that a few staff members goes to remote places and holds smaller events and brings in people that would otherwise not be able to travel.

We have MENOG, we have Cape IF, and we have SEE, which are regional meetings. We have RIPE NCC days, which is one day events where we meet less people from countries that we see do not participate in any of our meetings.

We have had two big meetings last year, RIPE 84 with 769 attendees on site and RIPE 85 in Belgrade with 494. So you see if we go to a central location like Berlin we get more participants, but if we analyse who came to Belgrade we will see that people were coming there that would otherwise not come to a meeting within the EU.

We have a community project fund and you can find here an overview of which project we funded in 2022. It's a community selected committee that selects these projects, but it's funded by the RIPE NCC.

RIPE Labs. If you have something that you would like to publish, then RIPE Labs is for you. You can publish your articles there and we publish interesting analysis or stuff that we think is important to share with you

Activity plan and budget 2023:

I presented that at RIPE 85, Then it was drafted. You had the possibility to give feedback to that and it was approved in December by the Executive Board. So it's not that entirely make up what we're doing myself. Of course it's me, my management team and my staff that creates this plan. But it is shared with you so you can give input and we're taking that input and the Board approves it.

Now, we don't get that much input on the activity plan and budget but when we talk about the charging scheme, then we get a lot of input. So I wish we could actually try to generate the same amount of input on the activity plan this autumn when we publish that.

The budget for 2023: We saw that the number of LIRs dropped by another 4%. I mean, we invoice in the beginning of the year so we basically know how much money we have after doing the invoicing. We have a budget of around 40 million but we have invoiced around 38 million. So, I'm steering towards not using more money than that. We had an inflation in the budget of 10%. Luckily, the Central Bureau of statistics in the Netherlands are now reporting inflation around 5.2% for this year. I think that's very optimistic. I have heard that we will see higher inflation towards the end of the year, but I hope I'm wrong.

The cost per LIR, the combination of the increased cost due to inflation and other growth and the declining LIRs is a cost increase per LIR with 20%, and do I understand that you're concerned with that.

So, where does this bring us if we look forward? Now I just mention that I am steering towards not spending the full 40 million. My CFO thinks that we will be at 38, 39 million somewhere. I have set a target right now on 27 and a half. That means that we need to think really carefully about spendings for the rest of the year so that if we only have 38 million income we should not spend more than that. I mean, that's basic economics. We do have large reserves so we can afford to make a loss. But in principle, we should try to stay within that.

It's going to be interesting to then look even further ahead. I am looking at the estimates here and taking that into '24, '25, '26, you can see that with a growth or an inflation of around 3% each year, 5.2 this year, we would end up with the 41 million budget spending in 2026 and around the 2,000 cost per LIR.

This is something that we saw ‑‑ I was RIPE Chair and advising the Board before I came Managing Director, and I suggested looking into a new charging scheme which is introducing categories model. There has been a lot of discussion on that. We have taken some of the input and improved the scheme. There is a lot of ‑‑ there are strong voice that is said we should have gone even further but I think what we have on the table now is one step in that direction. If the members want a charging scheme with different categories, then let's go ahead and make this the first step and then we can refine that further in the coming years.

If you don't want that, well then there are options to vote for the existing charging scheme and then we will stick to that for some years ahead. Simone will talk more about that in the GM.

Activity plan and budget. Planning timeline, as I said, we now have RIPE 86 in May. Fergal will tell you a bit about the RIPE NCC survey that is coming out. We will have an Executive Board meeting in June that will give direction, will have a kick off on the planning process in August, we will publish the Draft Activity Plan and Budget and we will discuss it November at the meeting and then the Board will approve this in December.

To, hopefully you now got my message, what happened before run‑out when everybody was happy. The disruptions, the declining LIRs, and my assurance that we are listening and we do want your input and please respond to the survey.

And that's perfect timing Kurtis because that was my last slide. He says it's like magic.

KURTIS LINDQVIST: We have a question from Meetecho. So, I'm going to get that question first.

ROB EVANS: A question from Dmitry of ANT. No. One ‑‑ this is a question in three parts.

One, this year it was hardly transfer money from Russia to the EU. It was a little adventure. What will happen next is unknown. I think something should already be done so that we can pay to a bank outside the EU.

HANS PETTER HOLEN: If I can answer them one by one. So, in the presentation in the GM, Simone will talk more about the payments. We have been pretty successful in collecting from Russia but we do see the problems that could be ahead so we are looking carefully into that. So thanks for the feedback.

ROB EVANS: Second part: "Why do we have only one scheme with categories and three identical but with different amounts to vote on the payment scheme? Why will online and members discussions needed if everything that was discussed is sent to the trash? Why is the scheme with the same payment for IP per 24 network persistently not brought up for discussion?"

HANS PETTER HOLEN: So the original proposal was three categories, or four categories, and we have changed that scheme based on feedback into ‑‑ is it now five or six? Simone will talk more about that in the GM. The proposal with a linear scale, we analysed that and we see that that would be a very dramatic change in one go. It would leave less than a percent to cover more than 50% of RIPE NCC's budget. If the members want to go in that direction, that is something that we can do next ‑‑ look into next year or the year after. None of the other RIRs are doing that. They all have categories but they do go much further up in cost than the RIPE NCC. I thought, having the top category be around €10,000 is something that will not cause too much alarm with any of the members now. But if we bring it even higher, we will get significant push‑back from them. Look at this at one step on that ladder.

The reason we have three proposals on the existing scheme is because of membership feedback. I originally wanted to have just two proposals where you would vote simply on the structure and not on the size of the budget but since members asked for having different options for the size of the budget, we introduced that.

ROB EVANS: This is a different question from Dmitry. "Maybe for better choice of payment scheme you should first vote on categories 2, one payment, 3, one payment plus resource payment."

HANS PETTER HOLEN: So there will be more explanations about the voting system in the GM. But it's a preferential vote. So in the way you are voting by ranking your preferences, that is actually taken care of in the system. The reason we split out the ASN numbers and the transfers is that making options with all of those would multiply up by six times two times two, which would be too many. So we decided it was better to split it.

KURTIS LINDQVIST: Just a reminder, this is not the GM. That's the meeting after us. So, if you could hold the GM related questions for the GM. Otherwise we'll have nothing to talk about there and it will be really boring.

HANS PETTER HOLEN: And I will be on stage in the GM as well with even more numbers, as you can see I'm a numbers junkie. So, some of the other questions about datasets in the spendings, I will address there so then you can ask me questions in the GM as well.

KURTIS LINDQVIST: Any other questions for Hans Petter who is now a little bit over time? Okay. Thank you Hans Petter.

Next up is Felipe with the registry and technical update.

FELIPE VICTOLLA SILVEIRA: Good afternoon everyone. I am the Chief Technology Officer in the RIPE NCC. And I am also acting chief registry officer. So today I would like to give an update in the registry and in technology.

I will start with our service levels. Our objective here is to deliver world‑class service to say our members. We define success through three different key results: NPS higher than 80; customer effort score higher than 6.5; and responding to our tickets within one business day.

So let's start the net promoter score. The question we ask is how likely are you to speak highly of the RIPE NCC to your friends and colleagues? The response that we got from Q3, 2022 was a score of 68. 535 responses. In Q4, that increased to 81 based on 529 responses, and in Q1, this year, we got a sore of 74, based on 594 responses.

There is a slight reduction compared to last quarter, and that's probably due to the billing cycle that the billing queue got a bit lower scores than the other queues.

So paying invoices don't make people happy apparently.

Here is our objective, we can see we are very close to our objective in all the three different quarters.

Now, customer efforts score, to what extent do you agree or disagree with this statement: The RIPE NCC made it easy to handle my issue?

Our objective here is to be above 6.5. You can see that we managed to do that in all three different quarters that we measured this. In Q3 we got a score of 6.51; Q4, 6.59; and Q1, 6.55. So this actually are quite good scores.

Now, percentage of tickets responded within one business day. We got data here since January 2022 up to April this year. You see there are three dips in our performance. One was in March last year, and it was right after the war in Ukraine. So we got a lot of queries about the invoices and all sorts of stuff. Then it got a lot of dip back in July and that was a combination of Covid cases in the office and also with the holiday season, so a lot of people were on vacation.
And finally, in December, last year, that was due to a large number of transfer requests that we normally see by the end of the year.

For this year, the numbers are actually looking pretty good. As you can see, from February onwards, we are above 99%.

Now, I'd like to go to my next topic, which is the registry accuracy. Our objective here is to ensure a highly accurate and compliant registry. We have four key results. So it's a verifying all members and end users every five years. To do at least 200 ARCs per month and finally to find no inaccuracies in the registry when we do an ARC.

I'm going to go through each one of them.

So, first a short explanation how do we measure a registry accuracy. So every time we do a transfer, and M&A, we ARC a member, we verify their information against an official source, like, for example, an online registry, could also be a company registration papers and so on. So at that specific point in time, we know for sure that that record is correct. So, one metric that we have is what you call "last verified date" so every time we verify a member against an official source, we add a time stamp. And then we present the results in an aggregated way, like, for example, percentage of members verified in the last two years.

So let's see some numbers now. The first time that we measured this we had about a quarter of our members verified more than five years ago, so that's the red area in the chart. So what you want to see is the least red as possible in this chart. You see that's going down.

In Q1 this year we measured at 7.19%. So it's a huge improvement when compared to a couple of years ago when we started measuring this. We're not there yet, but it's already a nice improvement.

Now percentage of end users. Here, the situation of a bit more dramatic. So first time we measured more than half of the end users were verified more than five years ago. So for that, we did a task force using temps, and then we went for a large chunk of these end users and then that's why you see it goes down very quickly, and then after that the gains are more incremental.

Last time we measured was about 10% of the end users verified more than five years ago.

So we're getting there slowly but surely we're getting there.

New, number of ARCs completed. Just a quick recap. ARC, that's our assisted registry check, is our audit activity that may have two goals. First so to ensure quality registry data and the second goal is to promote a good understanding of RIPE NCC Services.

So our objective here is to be above 200 per month. You see there is not good performance leading towards the end of 2021. And that was due to a couple of reasons. First one was very large number of new LIR applications. And then the second reason was a large number of transfer requests. So we had to ask our colleagues that are doing ARCs to help with the ticket workload so we had to reduce that.

So the situation pretty much normalised by about mid‑last year, and then since then we have been either meeting the target or been very close to meet the target.

Now, percentage of inaccuracies. So first a short explanation here, what it's about. So I explained before that when you are doing an ARC on a member, we verify their information against an official source and sometimes it turns out that the information that we have about the member is incorrect. Like, for example, think about an entity that went through an M&A and we didn't know about that.

So, we have been collecting data since August last year, so we have a nice sample size by now. So it's 1,800 ARCs. And out of these 1,800, only five members went through an M&A and we didn't know about it. And only eight of them were closed company and we didn't know about it. And these are important inaccuracies because this involved a change in resource holdership.

To summarise the first part of my presentation. The service levels are really good, according to our measures and targets in Q1. So our NPS score average is 74. Our customer average score average at 6.55.
And our ticket response time averaged 99.28% of all tickets responded within one business day.
The accuracy of the registry is not there yet. 92.81% of the members and almost 90% of the end users were verified last five years, and we found only 0.73% of inaccuracies in the registry that involved resource holdership change.
However, the numbers are getting better every month. So we're not there yet, but we see an improvement every month.

And I'd like to take the opportunity here to thank my colleagues in the registry for working so hard and for achieving such a great result.

Thank you very much, guys, I really appreciate it.


So now the second part of my presentation is the technology update. So here I'm going to talk about the Cloud, service criticality and improvements in our SSO.

So, starting with the Cloud. In the RIPE NCC, we're constantly exploring ways to improve the quality of our services. It could be in terms of improving the resilience, availability, security, also reducing the latency.

One of the ways we're looking to improve that is through the usage of Cloud infrastructure. However, I want to stress that we recognise our unique position in that some of our resolverses like for example RPKI and K‑root should probably not go to the Cloud. So, these services are excluded.

Over the past couple of years we have worked extensively with many of you in the community ‑‑ I would also like to thank you you guys for that ‑‑ to define a Cloud strategy and service criticality frameworks. So they are published, I included the link over there. And these two frameworks combined, they provide us with the necessary guidelines to know when is appropriate and when it's not appropriate to use Cloud infrastructure. And in that way, it makes it possible for engineers to leverage these new tools and techniques while at the same time avoiding being too dependent on third parties to run key Internet infrastructure.

So the Cloud strategy framework outlines a set of requirements for the use of Cloud providers and these requirements are based on how critical these services are either for the operations of the Internet or for the operations of our members. Like, for example, if a service is considered very high in terms of criticality on the availability aspect ‑‑ I'm going to explain that in my next slide ‑‑ it means that you have to be very strict considering where to send things to the Cloud. For example minimise vendor locking, we can only use a bare amount of VM or containers in a Cloud and to avoid dependency we can only use a fully distributed architecture, which means we can only use Cloud in addition to our own infrastructure.

If the criticality level is high, then we have a bit more lenient, so we can use managed services, things like managed databases or container orchestration, however only open standards are allowed.

And finally, to avoid dependency we don't have to have a fully distributed architecture; however, we have to have a fallback on premise that's available one one hour.

We have recently published the criticality ratings for many of our services. I include the whole list here. There are three different categories in which we evaluate the criticality of the services. Data confidentiality, so this measures the impact that a data leak would have. So if you have a lot of personal data in a certain service, then the criticality level would be very high.

Measures the impact that being hacked would have. So, for example, if the RPKI keys would get compromised, so that would be a hack. And then integrity is very high in the case of RPKI.

And finally, data availability measures the impact that the service outage would have. In the case of RPKI, it's also very high.

And this is the part that links to the Cloud strategy framework. So that's from my previous slide.

Now, I'll change topics and talk about our SSO.

I have report about this in RIPE 84, RIPE 85, and I'm reporting about it again and I promise it will be last time because you are probably getting fed up with SSO.

This boils down to replacing our back‑end engine that we use with something else. And to do a ground‑up rewrite of the homegrown layer that we built on top of it. We have favoured a key cloak, which is an open source solution over auth 0, which is a softer as a service solution, due to the latter not fulfilling our requirements, and that was mostly because they are not available in all countries in our service region and that was basically a deal breaker for us.

And this choice will give us more flexibility in terms of deployment.

So this project is in very advanced stage and we should be deploying it to production at the beginning or mid‑next month. We have followed our Cloud strategy framework and our service criticality definitions, just to recap, which is always considered high in terms of availability in terms of criticality. So we can put things in the Cloud. However, it has to be open standards if you are using a managed service like Kubernetes for example is a container orchestration service and is often open standard and also we have to have a fallback infrastructure available on premise, and we also have that.

So we decide to deploy to the cluster in AWS, it's called elastic Kubernetes service and in parallel to that we are looking to establish our own Kubernetes cluster on premise which can be used as a more resilient backup not just for SSO but for also other services that we decide to move to the Cloud.

To so summarise my presentation: We are constantly looking to ways to improve our services, exploring Cloud infrastructure is one of the areas that we're doing in order to achieve that goal. A recent updated Cloud strategy framework to be added with the definitions for service criticality. Gives us the necessary guidelines on how to best use this technology.

Improvements in our SSO are planned very soon and we look forward to your feedback about it.

Thank you very much and open the floor for questions.


AUDIENCE SPEAKER: Erik Bais, thank you for the information about the ARCs. Could you also provide for the next meeting some insight on PI assignments, the RIPE NCC is also doing reachout to PI space holders about their company structure, changes in the company structures, companies being deregistered, non‑responsive PI holders which also has an effect on PI space being deregistered and then coming back available to the pool. And those are not part of the ARC numbers, right?

FELIPE VICTOLLA SILVEIRA: You mean about the inaccuracies of the ARCs?

ERIK BAIS: Networks about the PI space holders. So, the ARCs are for the LIRs only and the PI space that's being reclaimed, that's a different process and not part of the numbers for the ARCs, right?

FELIPE VICTOLLA SILVEIRA: Probably not on the ones that I have just shown.

ERIK BAIS: Could you provide some insight next meeting to have those numbers available as well? Because what I have understood from the update from Marco during the Address Policy this morning, there are still PI space being reclaimed coming back to the free pool, which benefits the waiting list holders. But we need to have some more insight on how many times that is happening. So here, you had like five M&As and a couple of closures and I am sure for the PI space holders that's much more.

FELIPE VICTOLLA SILVEIRA: Yeah, I will try to get that for you. Thank you.

AUDIENCE SPEAKER: Brian Nisbet, sorry I realise this is very early days and I apologise for this EU legislation question, you but it's great to see the level of accuracy, but do you have any inkling or interaction in relation to if NIS 2 will bring any additional burden in relation to know your customer pieces and those kind of matters on the database?

FELIPE VICTOLLA SILVEIRA: I don't think so in terms of the registry. It might be in terms of the security requirements for example. And that's why we're looking into all sorts of compliance frameworks like ISO 7001, the 2000 for RPKI. For the registry off the top of my head I cannot think about anything.

AUDIENCE SPEAKER: Marco, SIDN. I just had a quick look at your Cloud architecture framework, I wasn't aware that the RIPE had one. It's interesting, it looks very promising in the clever written down so I was wondering a quick question: Did RIPE design that all by itself or did you consult external companies for some expertise?

FELIPE VICTOLLA SILVEIRA: We did by ourselves but we did together with the community. So probably if you look back in the archives there was several open houses, we published the articles, asked for feedback, so it was kind of done together with the whole community. But inside the RIPE NCC we didn't use any external expertise. We didn't engage with consultants.

KURTIS LINDQVIST: Okay. No further questions. Sorry, we have got some on Meetecho.

BIJAL SANGHANI: This is Robert Scheck from ETS GMBH. He says: "Whenever I read Cloud at the RIPE NCC, it feels unfortunately like a synonym for AWS, is there somewhere a list of Cloud providers the RIPE NCC uses and which one for which service?"

FELIPE VICTOLLA SILVEIRA: We don't have it published, we can look into that. Off the top of my head we have AWS, we have Google Cloud, we have parts running in Lynode as well, and I think that's what I can remember off the top of my head, if my colleagues ‑‑ I see them kind of nodding. So I think it's probably correct. These are the three that I can think of.

KURTIS LINDQVIST: Okay. Anything else? No. Thank you Felipe. So next up is Fergal to talk about the 2022 NCC survey.

FERGAL CUNNINGHAM: Hello everyone, I am Fergal Cunningham I am head of membership engagement at the RIPE NCC and I am here to officially launch the RIPE NCC survey 2023.

So, our surveys. This is a big one. We have a lot of feedback mechanisms more than I can think of but this one which we do every three or four years, it has a huge reach. It's by far the biggest engagement in terms of participation, and it provides some very clear input that we can work with.

The goal of the survey is simple. How can we best meet the needs of the members and the community? What direction do we need to be taking in the coming years? Hans Petter referenced that we'll use the input from the survey in the activity planning that we do. And importantly, what are important issues you face that we need to be aware of? Because this really helps us to focus on what's important for you.

Just a bit of history. We last did this in 2019. We got well over 4,000 responses from over 100 countries, which is a lot for us. We had 36 key findings that were identified as a result of this survey. And we investigated and acted upon all of them and we published the actions we take that address those findings.

In 2023, we have an independent company called Survey Matters who runs the survey for uS; This means that your responses are anonymous, and it means the results are analysed independently. So we're not correcting our own homework.

Survey matters did our last SURVEY and they did it very well, I think, and they have done APNIC's last three surveys, they very good industry knowledge and experience and they specialise in doing surveys for membership organisations, so they know our structure and the type of organisation we are, and by this stage after working with us and APNIC they know the topics very, very well.
I think we still have a reasonable number of questions. In 2013, we filled in a lot of complaints about the length of the survey, SO we have brought it down dramatically really. You don't need to answer all the questions. And there are free text questions so if you want to elaborate or talk about what's interesting to you, there are places to do that. So it can take as little as 15 minutes. We did a soft one. This survey has been opened since Monday, unofficially. It means we know by the time I get to this presentation that the links work which is handy for me.

And we have a few more questions this time. We have already got some feedback that people appreciate that we ask questions on tricky matters, things relating to charging, value for money, things like war and sanctions come up, some of the issues that Felipe has just discussed with third party technologies so we cover some of the tricky issues that we found over the last few years so that you can give us direction and get direction from 4,000 people is pretty powerful.

So we cover governance, service delivery and all the topics you would expect. One thing I'd mention in IPv6 this time we often ask why people don't deploy IPv6. This time we also ask the people who did deploy IPv6, how it went for them, what were the challenges they met, and maybe we can use the input we get to start addressing through training and education and other means the actual challenges that people encountered, and we can build some use cases from that.

The hardest work in the survey is the translations. This is a really time‑consuming big effort from our part. But in 2019, about half of respondents answered in languages other than English. This was great and people really appreciated, we got so many e‑mails saying, hey, thank you for doing this in Turkish, I really, really appreciate doing this in my language. So this year we're also doing it in ten languages, including English. We have added Ukrainian this time. And I really, really want to say thank you to about 22 staff really worked hard to do the translations. Also one of our Board members did the Polish translation. You can probably guess which Board member. But thank you very much to all those staff.

We're going to report back on the findings as always. It will be anonymised. And there'll be an independent report delivered by survey matters, and we'll present the results hopefully in this Working Group if the wonderful Chairs give me some time to do that. We'll make sure all the findings are investigated and we'll plug it into the activity plan and budget as well. For this year and probably next year as well because we get so much feedback.

So we do need your help. The survey is open to everyone. We often get asked but we encourage many people in organisations, there are many roles, many perspectives within organisations, please feel free to pass it to everyone who might be interested in our work and in the community more generally.

Share the link with your contacts. Forward mails, share posts, retweet the tweets, tell your colleagues, inform your NOG communities, that's always good especially the ones we have catered for with languages, anything you can do here will be a huge help. And at this stage I should probably apologise in advance for the next five weeks of sending e‑mails about the survey.

As always, we offer prizes. It's already open. It will be open till the end of June and we're giving away prizes every week. This time we changed it up. We got some complaints that we were using one company for prizes. We have mixed it up quite a bit this time. We're also including a trip to the next RIPE meeting, travel and accommodation, or ‑‑ and I think this is a really nice aspect ‑‑ if you don't want a prize, you can donate to a charity. So feel free to do that. We have a list of approved charities that you can choose from. The earlier you enter the more chances you have to win, which is obvious.

But in a nutshell, just go to this link please, and fill it out. It's a huge help and we'd really appreciate it. Thank you very much.


KURTIS LINDQVIST: Thank you, Fergal, I am personally looking forward to the five star hotel with my champagne bolt waiting for me at the next RIPE meeting. Any questions for Fergal?

BIJAL SANGHANI: It's another question on Meetecho. From Dmitry Serbulov from ANT. And he says: "It would be nice to translate IPv6 courses into regional languages, that would be very helpful." Can you think can you think thanks, we are trying to do more with translations in the NCC. It is difficult and we're looking at different ways to do it in different parts of the company but happy to get that feedback and we'll look into it. Thanks.


KURTIS LINDQVIST: Okay. Thank you.

So, next on the agenda is the discussion of the policy proposal 2023‑03. So Sander is going to come up as one the proposers. While he comes up, I'll explain to you, we don't have that many policy proposals in NCC services, so let me just explain what's going to happen next. We extended the discussion phase until next Friday, so you have got until next Friday to propose any ‑‑ express views on the current proposal. At the end of next Friday, the proposer will decide what the next step is. If the proposers wants to move forward to the review phase, They will have the right of the proposal based on or ‑‑ or revisit the proposal based on the discussion and then if the changes are non‑substantial, as the PDP says, the Chairs will agree with the proposer if this goes to the review phase within four weeks. That's the steps that happens after next Friday.

So, however, we'd like to encourage you all to provide support. I'd like to remind you that there were some expressions in the mailing list that any support you give in the discussion phase does not count for the review phase, though. So you are going to have to show activity in all these phases to get a policy proposal accepted. That's how the process works. And silence is not, in fact, consensus. It's the complete opposite. In the PDF, you have endorse the proposal for it to move forward.

I believe there's been some discussions in the hallways, plenty of feedback on the mailing list recently at least, and I think Sander is going to talk about what they intend to do with that feedback.

SANDER STEFFANN: Thanks Kurtis. I'll start with a bit of background. Last year in the Berlin meeting, we had some discussions with Ukrainians who were afraid that invaders would come and force them to transfer the IP addresses to them. I can see why, because I have seen pictures where computers were broken open and when the invaders left they took all the SSDs and video cards with them because they were worth money. So, you know, if they plunder like that, why not plunder the IP addresses? I don't have any actual data with me on how often this kind of stuff happened but there was a presentation on Monday, I think, that clarified that.

So, basically the idea is provide people with an opportunity to say to the NCC we're not going to transfer our addresses. Like, if later we claim we want to transfer our addresses it's probably because somebody is threatening our families. Please log this so that we are safe and people cannot force us to do anything.

This is clearly an option. Like some people are like oh, I feel more vulnerable if I would lock them like that. Fine, don't use the option; it's something in the toolbox that people could use to feel more secure.

Now, of course, this doesn't only happen in Ukraine. There can be other situations where people want to make sure that a rogue employee doesn't transfer anything or, you know, there is different cases. We're like okay, let's make this very generic mechanism.

So, initially, we hope the NCC could implement it without a policy. But we discussed with Athena where ‑‑ and she explained to us that the services contract says that policy overrules ‑‑ like policy is leading. So, we have to have a policy for this. So there may be discussions on whether people think we need a policy for this, but the reality is we need a policy for this.

So, let's work on this.

Now, we had discussions in many different places and that made the work for the Working Group Chairs also a bit harder because discussion at the RIPE meetings, there was discussion in the hallways and the mailing list, it was all getting a bit complicated. So I am happy and thanks to the Chairs for extending the discussion period so we can neatly wrap it up and actually include this live session as well.

So, what the idea is, we have a policy that basically sets some constraints for how the RIPE NCC should implement this. We didn't do it in Address Policy because if you actually look at the text, then it's talking about the service that the NCC provides. Yes, it's about transfers, but that's about it. The content is actually about the service. So, that's why we thought it belonged here.

I have, this morning, mentioned this at the Address Policy Working Group as well to make sure that they are aware of what is going on. So, I think everything on that ‑‑ in that area is fine.

We had some discussion whether it should be in this Working Group or Address Policy. Like I said, my feeling is strongly that it belongs here. So, I would like to keep it that way. I know some people had comments on that, so please ‑‑ those people please go to the microphone and express what you think of the current opinion.

KURTIS LINDQVIST: I actually forgot to say that we discussed this at Address Policy Working Group and agreed that it's staying in RIPE NCC Services for the time being. You can express your opinions but that's what we have agreed.

SANDER STEFFANN: Fair enough. So there were some other questions raised, like the transfer policy explicitly says: Every member has the right to transfer their addresses. So, I will make sure that in the text that goes for the impact analysis, we will actually add a single sentence to that policy as well to make sure that the conflict is explicit in this and we don't have any vague situations anywhere and make it as clear as possible.

So, yeah, the status is currently we have a framework. Oh, this is also what I wanted to highlight. I didn't want to prescribe how and why the NCC should do things. I am very careful not to micromanage the NCC. The NCC has a legal team who know what they're doing and since this is very legal‑related, it's like if we write the policy too prescriptive then we're basically getting in their way. The way the policy is written is it sets constraints. Like this is the framework, and explicitly also leave some space for the RIPE NCC to build a proper implementation of this. Because ‑‑ and it's a different way, I don't think we have ever written policy this way ‑‑ but I tried to strike the balance between making sure the NCC does what the community wants without getting in their way. So, please comment on that as well if you have any comments. Denis was you one of the people on the mailing list who had some input. I talked to Denis, I will take his remarks into account for the version that goes for the impact analysis. So, at the moment, my personal feeling is that we, at the end of the discussion period, we can move forward. Unless, of course, people speak up now. So I'm really curious, like, do people like the way we're doing this? Is this the right way forward? Are there any things that you think should change? And I'll happily incorporate everything into the text. I did my best to write a good policy but nothing is every perfect. So if you can help, please do.

KURTIS LINDQVIST: It might be worth adding as well that before the document actually enters the review phase, there is a four‑week time period from the time we agreed to this until it actually happened. But before that happens the RIPE NCC will provide an impact analysis, which is, in this case, I think, written by Tina's team in legal which would explain what would happen and there will be part of the discussion that you have for material for the review phase when we get there. So there will be more analysis by the NCC at that point.

Right, Erik?

ERIK BAIS: Erik Bais. So, Sander, first of all, on the policy itself, I made some comments on the mailing list. I had a discussion with Athena about, do we actually need to have a policy for this, and I want to state here as well I support the policy as you have it currently. One small remark it might actually be better for future policies that you may want to propose to actually have some supporting slides because it's actually easier in the room, and if you need some help with that, let me know, I have done some of those myself.


KURTIS LINDQVIST: Thank you. Any other feedback, questions, thoughts? Also support is good. Because I want to stress this again, that if you are all quiet then nothing is going to happen. That was the issue last time and then luckily we got some engagement towards the end. I want to stress that if you believe this is a good proposal you will have to say that. Thinking it isn't good enough.

AUDIENCE SPEAKER: Andrei ace. I remember a discussion at the RIPE meeting in Belgrade about this topic. And I think there were plans to put temporary transfer lock measures in place. So, have there been temporary transfer locks and how many so far?

SANDER STEFFANN: I heard the numbers via via, so I think you have the actual numbers.

KURTIS LINDQVIST: We got the numbers. I think there was three requests and one had been approved and that was not the Ukrainian one, just putting it out there. I am saying that because it shows there might be other needs as well. But that's the data.

SANDER STEFFANN: One comment. Like you said we have a temporary lock mechanism now, which has a deadline. Considering we are still working on this policy at the GM, I will formally ask the Board to make sure that there is no gap and that the temporary lock mechanism is extended a little bit. But that's up to the Board of course. But I will put in the request.

AUDIENCE SPEAKER: I want to say first of all, Sander, thanks a lot for the work on the proposal for this policy. I can say that we support all proposals and while we're discussing this issue, we found that these proposals and these temporary locks can be used in a more issues than only to prevent only Ukrainian LIRs from the threats. That's why it can also prevent big business from the left IP addresses and see more depths for this issue. It can be useful for all members and of course we do not know what the next time a dangerous situation can be for different countries or different companies or different business, and if big business do not plan to do some transfers, to be sure that they are protected. You can also make some measures and to use this lock. Thanks a lot RIPE NCC for such attention for this issue of course.

KURTIS LINDQVIST: Thank you. Any other comments, questions? No. Okay. Well next Friday, as in not this Friday but Friday in a week, is the deadline. So you have until then to provide feedback on the mailing list. Thank you Sander.


So with that, it's over to Christian with his BAS.

CHRISTIAN KAUFMANN: Thank you Kurtis. So, I am Christian Kaufmann I am the outgoing Board member, and for the people who remember, I have been here for quite a long time, so twelve years. And what usually happens is when you come to an end of a phase in your life, you become all melancholic and look back what have I actually done and why. And when I thought a bit about that and started to actually write it down, so to have a little bit of resume for myself, I thought let's actually share that so that a future Board member can get a bit of an idea of what they get themselves into it before they sign up for it, but also to have a bit of a summary of what I did and on top of it, you will see that two things which are close to my heart which I thought we should have a quick talk about because they confuse people, or they were not transparent.

So, I joined in 2011. At the time 186 votes were good enough to be elected. That might be not true this week. I will assume it's a little bit more.

I then served from the beginning actually as the Board secretary, for seven years. It was four years Chairman during Covid, and because I got myself into trouble and joined the ICANN Board, I stepped down in September a day before I joined the ICANN Board and then was a regular Board member till end of this week.

So, what is actually being involved in being a Board member? One thing, you get a lot of e‑mails. And these are just the e‑mails which are coming to the mailing lists. We have two of them, an internal one that's the orange number and a blue one, and that's basically from 2011, the numbers are a little bit small till now. Apparently in the middle we had a little bit of spam issue as you can see, which we got to sort out. But that was roughly the amount of e‑mails you get. And these are just the ones which are not in the mailing lists or the private ones or to projects or other stuff.

On top of that, if you ever get bothered, or like reading, I can really recommend being on the Board, because you get a lot of entertainment and documents. Apparently, if you look through the archives we got 1,245 documents submited in these twelve years. And and they are just five pages here, which some of them were not, I can promise you. Then this is like 4.8 times one piece from Tolstoy, or if you are more the Kafka person, it would be the same as reading The Trial and it sometimes feels like that 24 .5 times. So, if reading is your hobby, certainly one thing I can recommend, join the Board:
But we are not just allowed to read. We actually also meet once in a while, apparently 91 times, which is accumulated over time 325 hours. And these are the official Board meetings where you have minutes, and where you can actually see what we do.

The blue ones are the Board meetings. You see they were all between 5 and 6 four regular ones during the year and then the two which we have during the RIPE conference week. And then we decided to have more. And added another two. This is then the increase. And then recently there were sanctions and as Hans Petter mentioned, the war in the Ukraine, we also got additional ones which were not regularly cadenced so we didn't wait for the next Board meeting. If something urgent comes up, we add additional ones in between and then you end up with even more of them.

What you have seen is basically the Board meetings and a lot of the regular work. What you haven't seen in the hours is actually little hobbies and side projects the Board has like hiring a new managing director three years ago. I took the liberty to count that. In that case I talk talk about 70, 80 hours job description, RFP, internal consultations, talking with the external organisations, all the job interviews, drafting a proposal and then signing a contract. War in Ukraine and sanctions were mentioned multiple times. Covid of course. Where we had to meet more often and actually see that staff and the office is safe. But other things as well like multiple IPv4 runnouts, I stopped counting from the last /8 to the various rounds. Stability of the RIRs system. Secondary market was a big topic a couple of years ago. Kind of disappeared a little bit. GDPR is probably more quiet these days, but was when it came up certainly a big topic. Legal disputes, government regulations and this is pretty much what all of the Board members have. That's not just specifically me, that would have been what everybody gets as a workload. If you are then the Chairman for a time, you get probably double the amount of hours during the time. You are building an agenda, chasing a little bit of your fellow Board members and the NCC and you get a regular, usually very nice and pleasant constructive call with Hans Petter more or less on a weekly basis.

But you're not just working internally. You have the pleasure, certainly it was one for me, to actually travel but also represent the NCC to the outside. And also interact with the other RIRs. So the boxes, the silver grey ones, are the Board meetings. Then the orange ones, if you can read it, are the RIPE meetings. And then I always had a table for APNIC, we did a collaboration with them; I actually attended their Board meetings as well. Because also from what they do, they are also not just an RIR, they are trainings and various other activities, research and so on, going on, and so they were a little bit my favourite one, so I spent sometime there. But then especially as a Chairman, but also in general, there is some exposure to ICANN, IETF as and others, and don't forget the regional meetings from the former ENOG to MENOGS to CNOG, I believe, and other ones as well where we tried to talk to you the members, and see what's going on, or represent the NCC as such.

Changing gears slightly. One of the parts which I guess is not particular transparent to the outside world and to be honest until I was painting this picture, and it wasn't me it was someone may more talented than me on that, I didn't have a complete mental model for it how we actually go through the thought processes especially me when I was a Chairman, because what you get is you get input so many and on so many different levels. You get an input on the mailing list, sometimes they have more characteristics of an opinion, and you get 25, 50, depending on the topic, then you have 20, 25,000 members so this is a subset of it. You have some facts, you have an idea what the various stakeholders and groups have as an to a particular topic. If you talk to enough people you get a rough geographic but also business sector and so on idea what a group wants.

You have the survey, Which is very helpful because now at least 4,000 out of the 25,000 respond, so that gives you a good input. You have previous decisions as an input. And I come to that in a second. But then we also have a mission and vision and you have legal boundaries. If you put these all together, then this is a framework or a corridor how you then can achieve consensus. So it's not just one thing, right. It's a lot of things to balance, and sometimes they are not all pointing in the same direction, rather in opposite directions, then you kind of balance them against each other.

I guess what I specifically have seen this week as well with the mailing list is that some people are really disappointed when they have a very good idea and then we listen to it but then we don't exactly act on a particular single one. And it is very rarely that the whole membership base, which, by the way, just a subset of it actually expresses their view, have a single common view on a topic. Usually there is diversion, you know, from one extreme to the other and then as I said with the model before, you try to get a little bit of an idea where people stand, what makes sense for the organisation and take all these things into account. So, I hope you'll forgive the Board and the management when your version and what you like the most wasn't exactly fitted. Rather, that's what we do, try to think what is good for the members and the organisation as an overall concept and not just what is probably the one single best answer for a particular member.

And the other part is, I said that in the picture before, we tried to balance it a little bit as well with what we have done before. You don't want to have a Board, which you probably see sometimes with politicians, which shift every time you change one or two people the course readily, because, A, you don't have any predictability what is happening. Also an organisation with that amount of staff needs a certain amount of time to actually adopt to something. So if you change the course all the time, you don't achieve anything. And I think all the Board members usually pledge when they talk to you and when they get elected for a stability which you seem to have rewarded so far with actually electing them. So stability seems to be something which is important for us as a community.

This is probably, in my opinion, the best slide of the week. We changed it three times. And it is the nicer and fancier version of what Hans Petter said before. So his version is way more accurate. That hopefully is way more fun.

If there is something you take away this week, how you interact with the NCC and what and when you give feedback to the Board, then please use this one.

I tried to use the whole activity plan and the charging scheme as a buffet. So let's see if it actually works.

So, you have a need, you're hungry and you have a vision, I want to be in a restaurant. So you know you'll make a decision which restaurant you want. In that case you already decide is it a buffet, which kind of cuisine, price level, you kind of narrow it already down, and in that case you have decided for a buffet. You go into the buffet, into the restaurant, go to the buffet and you see all the parts in front of you and now depending on ‑‑ I guess you see it everyday here on the buffet ‑‑ there are very different types of people from us, some take everything, load the plate up as much as possible and use all the services which are available and that's fine. Some are probably more selective and picky and choose one or the other item and have a favourite item. And I think as long as everyone finds something in the buffet they like, this is all good.

If you then come to the end, thank God that's not how it works here, and you get presented a bill, then it seems that in case with the charging scheme we get unhappy about it. Because now, besides that you can discuss the charging scheme and how it is working in itself, there was quite a big discussion about the budget. And as much as that is fair and we should have that conversation, when you do it at the time when you stand on the check and actually checking out and say, well, I didn't use the truffle oil, I didn't want to have the shrimps, you put them there, I don't want to pay for that. That's not exactly how it works. If you have you want to have a different buffet ‑‑ and this is a very fair point ‑‑ well then please help us to I change the buffet. Please help us to change the activity plan. We looked it up in the last five, six years, we had literally three or four years where for the activity plan when it was drafted to us as the members and it was sent out, we didn't get a single response. But every once in a while someone comes and says, yeah, you should add truffle oil, a little bit more cheese, we add it, and say we like that that's good, then of course that has a cost, and if you don't like, that is very fair, then please, when the activity plan comes or when actually the strategy plan comes, if you are a buffet, a fancy restaurant, more like a Burger King, then let's give us feedback to the Board and the NCC so that they can shape it. Otherwise it becomes really difficult, and we as the members get frustrated afterwards because the NCC is spending all that money and doesn't do what we want.

So next time the activity plan comes or the strategy, please give input there because it's way easier to shape the buffet.

With that, let me come to an end.

Board members are usually out of this community, right, otherwise you don't even pass it through the election process. So, we are all the same, and then try usually to achieve the same goal and then, you know, it has some difficulties on the way. That is fair enough. But like me, Board members also go back into the community without having a particular role there. So, we are all the same. The Board doesn't become the enemy or you trust the person, you vote for them and suddenly five minutes later when they sit on stage they are colluding against you. I don't think that this is exactly true. So, please trust your Board members, especially when you have voted for them and put them in in the first place.

I saw a sign if I need a hug, and I might come back to the hug. But there's an enormous amount of work behind the scenes. So, if you go for being a Board member, be careful with that, what you get yourself into. But then I would say that was at least true for my part, it was also very rewarding, even if challenging, so I just can encourage people to actually run and I think this time we have a lot of candidates so thanks for that.

The Board also usually reaches consensus. There is a lot of conversations and, you know, we have, depending on the topic, one or the other outliers left and right, but usually the Board is quite good in actually achieving consensus and having one voice at the end of a particular topic and if really necessary, there is still the options to vote. And as we always say as the last one, the members can help a lot. So, if you give us feedback, and think about the buffet from now on, find the right time to talk about the right topic because then you really make it easier for all of us, and give us honest feedback, then as always, that is very much appreciated.

And with that, I thank you for the last twelve years and wish you all the best. Thank you.


KURTIS LINDQVIST: I am sure we'll do this in the GM again but thank you CK for all the hard work and effort you have put into this and provided to the community over the years.

Any questions about buffets or restaurant relations or anything else ‑‑ truffle oils ‑‑ that you want to raise to CK?

AUDIENCE SPEAKER: Hi. Kurt Kayser, speak ing for myself. I guess you have used up all your CO 2 budget the last twelve years, right. So plan wisely your vacation next year.

CHRISTIAN KAUFMANN: That is true, I am a sinner in that regard, so that's why I started cycling so trying to make up for it.

KURTIS LINDQVIST: Anything else?

AUDIENCE SPEAKER: Hi. Eileen Gallagher, I'll speak for myself here. Thank you CK for all your work. You say twelve years, and I would ask what's your thoughts on term limits because twelve is quite a long time not that you haven't been doing a great job in the twelve years, but twelve years is a long time for a Board Director to serve.

CHRISTIAN KAUFMANN: That was true. That was one the reasons to be honest I tried to basically last time and go away but then I just hired a CEO and three months later was about to escape and I thought that was an unfair act so I actually stayed another one.

It's a difficult topic. I'm actually not against it. At the end of the day, you know, there's also the hope that the wisdom of the members actually does the right thing and elects them. I for my part think if, and I have seen it with me, when you stay too long, get too much routine and then also get a little bit tired of the topic that you rather leave and before you know it, you just sit there and collect dust. So that's why I'm leaving before I collect dust. Thank you.

AUDIENCE SPEAKER: I just want to thank you for I guess what you have done on the Board. You have been ‑‑ you started as an executive ‑‑ Chairman of the Board, at pretty much the same time I got involved in the RIPE community. So, yeah, there's been of overlap there. And I think, I thank you for that and I wish you luck at ICANN.

CHRISTIAN KAUFMANN: Thanks a lot. I guess I needed that.

KURTIS LINDQVIST: We have got one last item on the agenda and that's the open microphone. This is your chance to provide feedback on NCC services or thoughts on NCC in general I guess. Or what they provide, do.

No? Okay. With that, we are done. And I believe I have to ask you, as usual, to leave the room swiftly ‑‑ I get nods from the NCC services staff ‑‑ please leave the room swiftly, thank you, and we'll see you at the next RIPE meeting.