Hans Petter Holen

Independent Infrastructure Requires Investment

Author image
Hans Petter Holen(RIPE NCC staff)

5 min read

0
Article lead image

An analysis of our infrastructure has given us a clearer picture of what is needed to move the RIPE NCC towards a more independent and self-hosted approach. We are now planning a major rebuild to create a more resilient and secure infrastructure that can support the services our members rely upon. This will require careful planning and investment and a significant effort from our staff.


Note: this article is based on my presentation at the RIPE NCC Services working group during RIPE 92.

Over the past several years, the RIPE NCC has been working to move various services into the cloud. This began with an internal ‘Cloud First’ initiative in 2019 and developed further through our Cloud Strategy Framework and Service Criticality Framework in 2021, and later revisions to our cloud strategy in 2023.

Since then, the international environment has changed significantly. Geopolitical uncertainty, regulatory developments and increased expectations around the resilience of core Internet services have led us to reassess the risks of relying on US-based hyperscalers for parts of our infrastructure.

At RIPE 90 (slides 16-19), we explained that we had paused parts of our cloud project so we could carry out a deeper analysis of our infrastructure and evaluate our options. That work has now given us a clearer picture of what is needed to return to a more independent and self-hosted approach. Rebuilding this capability will require significant reinvestment and a total re-design of our technical infrastructure.

While we are moving away from the cloud, simply returning to an earlier status quo is no longer an option. This is partly because stakeholder expectations about the security, stability and resilience of our services have grown significantly in recent years, especially given the uptake of RPKI and with more attention being paid to the stability of the root zone, to take just two examples. Some of these expectations are also reflected in EU regulations that we are subject to, such as the NIS2 directive. Our draft 2027-2031 strategy emphasises a modern, scalable infrastructure that is highly resilient and secure - this is the direction we will be heading in over the coming years.

Most layers of our infrastructure require attention

To start with, we will need to replace hardware that has reached, or in some cases passed, the end of its lifecycle. This is the result of trade-offs between CAPEX and OPEX over the period in which we were focused on cloud deployments, as well as various assumptions and decisions about how this balance would evolve over the long term. Now that we are emphasising our own infrastructure, we will have to return our CAPEX investment back to previous levels to catch-up.

Beyond this, we need to consider our data centre footprint - both the number of data centres we use and their geographical location. We need to eliminate or minimise interdependencies between them so we can scale and expand into additional data centres as needed. We need geographically redundant storage and backup, and we will have to decide on future virtualisation platforms that allow us to minimise vendor lock-in risks.

We are planning to achieve this through a project that will run from 2026-2028, which would involve the migration from our current setup to a new greenfield deployment. This will be a significant effort involving staff from across the company, and I expect our engineering teams will encounter many different challenges in the process.

Our current infrastructure has evolved over more than 20 years, with all the issues of complexity, technical debt and service interdependencies that come with this (though we have been working to reduce technical debt in recent years). Added to this, there are the difficulties that come with carrying out such a significant migration while continuing to operate services that are important to global Internet operations.

Funding this work

Our initial rough estimate is that we will need around EUR 5M in additional budget (CAPEX and OPEX) spread across 2026-2028.* This will effectively return our CAPEX budget to previous levels consistent with the period 2010-2020.

To fund this project, we will need to find the right balance between internal cost savings and membership fees. Regarding the latter, we are fully aware that some members are concerned by the level of fees they have been paying in recent years and do not wish to see further growth in the RIPE NCC’s budget. Our Clearing House Reserve can also be useful here, as it is designed to support the stability of the organisation by allowing for financial flexibility and adaptability. We could draw from this to cover a portion of the funding, which would then be repaid over subsequent years.

Next Steps

We are raising this issue at a relatively early stage and we don’t have all the answers yet. However, we will meet your expectations in terms of transparency as we progress this work.

We have just about completed our analysis of the current situation and identified a migration path. Once we have decided on a way forward with the RIPE NCC Executive Board at our upcoming meeting (22-23 June), we will be able to share more information with you. This can be handled via our yearly Activity Plan and Budget process, which starts ahead of RIPE 93. By that point, we will have more detailed information to share for community discussion and feedback.

In the meantime, you can also share comments either below this article or on the RIPE NCC Services WG mailing list (ncc-services-wg@ripe.net).

0

You may also like

View more

About the author

Author image
Hans Petter Holen Based in Amsterdam, Netherland

Hans Petter Holen is the Managing Director of the RIPE NCC. Before taking on this role in May 2020, he served as the RIPE Chair from 2014 and has been part of the RIPE community for over 30 years. He also serves as the chair of the Number Resource Organisation (NRO) Executive Council.

Comments 0