myanmar member gathering

APNIC Member Gathering

20 November, Yangon

1

Agenda

RPKI; For more secure routing

Grow your business with more IP resources

Upcoming APNIC events

VizAS; Visualize your network infrastructure

2

IP resource statistics

3

7/16 6/16

Getting the final /22

4

12 3

IPv4 is fast exhausting, what next ?

5

IPv4 You payGet IPv6 for no extra fee

/24 No extra fees /48/22 No extra fees /32

IPv6 Kick Start

No evaluation required

6

Agenda





7

8

A

AS1 (ISP of Victim)AS4 (Large ISP)

AS2 (Legitimate owner of 2001:DB8::/32)

BGP:2001:DB8::/32

B

C

D

BGP:2001:DB8::/48

BGP:2001:DB8::/32BGP:2001:DB8::/48

AS3 (ISP of Hijacker)

Source : http://www.secureworks.com/

Resource Public Key Infrastructure

What is RPKI?

•A robust security framework for verifying the association between resource holders and their Internet resources

•Uses x.509 certificates with RFC3779 extensions

• Collaborative effort by all RIRs to help secure Internet routing by validating routes

9

APNIC’s involvement in RPKI

• Initial phase introduced by RIRs in 2009

• Initiative from APNIC aimed at:

– Improving the security of inter-domain routing

– Augmenting the information published in the whois database

10

Motivation

11

• Prevent route hijacking

– Only the rightful custodian can originate the prefix announcement – ISPs filter prefixes they propagate

• Minimize common routing errors

– Limits human errors– Prioritize routes with certificates

Real-life routing incidents• July 2015 – Axcelx; hosting provider in Boston leaked Reddit routes,

knocking off websites dependent on Amazon and AWS

• June 2015 - Telecom Malaysia caused large-scale routing issues due to route leak

• April 2014 - Indosat leaked 32,000 routes

• April 2010 - China Telecom advertisement caused 15% of Internet traffic to pass through Chinese servers

• February 2008 - Pakistan Telecom announced 208.65.153.0/24 (YouTube prefix)

12

APNIC Resource Certification

Valid from: 2015.11.20 Valid to: 2016.11.20 Origin ASN: 131107 IP prefix: 2001:0DB8::/32 Most specific allowed: /36

Create your ROAs now through APNIC’s Resource Certification Tool.

www.apnic.net/ROA13

Creating ROAs in MyAPNIC

14

• What you need to have before creating a ROA

– Must be an APNIC Member– Have access to MyAPNIC with 2 factor authentication

• Takes only 5 minutes to create, and 10 minutes to be visible to the public

TOTP, more convenient 2FA

15

Digital certificates are not neededCan get full access from ANY device you login with

www.apnic.net/2FA

ROA creation in MyAPNIC

16

1 2

Route management made easier

17

Services improvements for route management next year

• One page to manage routes and ROAs

• Ability to create ROA together with route object

• Quick visualization of all your routes and ROAs

• View who is using your ASN

Success story

• May 2015: APNIC Outreach in Bangladesh– 13 organizations visited– Onsite support to create ROA objects

18

561 valid prefixes (24%)

http://rpki.surfnet.nl/bd.html

ROA usage in apps and services

19

Agenda





20

Reduce delaysAdd more robustness

Peering

Internet Peering is a local routing optimization, a way to exchange some of your traffic with neither party incurring Internet transit fees.

21

VizAS: Visualize your connectivity

AS Numbers with more downstream connectivity located towards the centre.

Lines show their connectivity to down streams

22

VizAS: Visualize your connectivity

AS Numbers on the edge have no down streams. They provide services to end users.

Red means heavy traffic. Yellow means low traffic.

23

VizASWant to find out about Myanmar ?

labs.apnic.net/vizas

24

Agenda





25

Upcoming conferences

26

APNIC Training

www.training.apnic.net27

28

APNIC Training: New courses

www.training.apnic.net

E-LearninglOSPF Operation & LSDBGP Attributes & Path Selection ProcessIPv6 Protocol ArchitectureDNS SecurityWHOIS Database + MyAPNICIntro to RPKIIntro to MPLSIPSec VPN Design

WorkshopsRPKI Tutorial & Router Configuration DemoAdvance MPLSAdvance BGP

Technical Assistance Service

TAS - Thailand TAS - Bangladesh

Support for scalable and resilient networks and best

practices in network operations

• Distribution and registration of resources• Supporting reverse DNS delegation• Managing whois and IRR• Resource Certification• IPv6 deployment• Internet infrastructure security• Supporting open & neutral IXP & root serverswww.apnic.net/tas

29

Outreach in Sri Lanka (8 Members), Bangladesh (13 Members), Thailand (10 Members)