Mutually Agreed Norms for Routing Security (MANRS) Strengthening the Internet

Working with APRICOT to Improve Routing Security

We’re pleased to announce that the Internet Society and the Asia Pacific Network Operators Group Ltd (APNOG) signed a Memorandum of Understanding (MoU) to cooperate in supporting the MANRS initiative in the Asia-Pacific region.

APNOG is the non-profit entity that runs the annual APRICOT conference, also called the Asia-Pacific Regional Internet Conference on Operational Technologies. APRICOT is the largest meeting of the technical community in the region.

The agreement will see the two undertake initiatives and activities to promote the security of the Internet’s global routing system and Mutually Agreed Norms for Routing Security (MANRS). MANRS is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats.

We agree to tackle routing-related cybersecurity incidents such as route hijacking, route leaks, IP address spoofing, and other harmful activities that can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more.

APRICOT draws many of the world’s best Internet engineers, operators, researchers, service providers, and policy enthusiasts from around the world to share the technical knowledge needed to run and expand the Internet securely. The partnership will allow MANRS to better leverage the platform to promote routing security to conference participants, including Internet Service Providers (ISPs) and Internet Exchange Points (IXPs).

Specific activities include hosting events on routing security at the annual APRICOT Summit and/or online; promoting MANRS participation to APRICOT attendees; helping develop the MANRS community in the region; and working together on the MANRS Observatory, which shows a network’s level of MANRS readiness and serves as an indication of the general state of routing security.

We have also agreed to continue to sponsor APRICOT’s Fellowship Program, providing financial support for individuals from developing economies to attend the event, and to contribute to discussions about Internet operations, technologies, and development.

The agreement builds on the long-running partnership between APRICOT organizers (previously the Asia Pacific Internet Association (APIA), now APNOG) and the Internet Society. The Internet Society has contributed to it over the years by not only sponsorship, training, and community building, but has also made multiple high-profile appearances in various sessions, including the keynote speech in 2019 by Internet Society President and CEO Andrew Sullivan.

“We believe Internet routing security issues can be resolved through collective action and a shared sense of responsibility. We look forward to welcoming more MANRS members from the Asia-Pacific region, and working together with APNOG to improve routing security both regionally and globally,” said Rajnesh Singh, Regional Vice-President, Asia-Pacific for the Internet Society.

“We run APRICOT to cultivate the skills and understanding needed to develop a robust Internet infrastructure across the Asia-Pacific region – a goal also strongly supported by the MANRS community and the Internet Society. The partnership will let us work more closely together, and I look forward to MANRS playing an increasingly important role among key Internet builders in the region,” said Philip Smith, Director of APNOG.

Learn more about MANRS and APRICOT.

Mutually Agreed Norms for Routing Security (MANRS) Strengthening the Internet

APRICOT 2020: Routing Security Takes Center Stage

More than 600 of the world’s leading Internet engineers from 60 economies gathered last week at APRICOT, and it was encouraging to see routing security take center stage in the largest meeting of the technical community in the region.

The Internet Society is a long-time partner of the annual event, also called the Asia Pacific Regional Internet Conference on Operational Technologies, and this year we held two community gatherings, spoke in several sessions, and ran a booth throughout the conference.

The ten-day meeting consisted of workshops, tutorials, conference sessions, birds-of-a-feather sessions, and peering forums from 12-21 February in Melbourne, Australia. This year marked the 25th anniversary of APRICOT, and it was good to recognize how the event has grown over time and contributed to technical capacity building in the region. It also gave me the chance to reflect on my own participation in the event over the years, including from when I was in the private sector prior to my current role.

One of the things Internet builders get together for at APRICOT is to share the technical knowledge needed to run and expand the Internet securely. So it was a great opportunity to bring attention to the Mutually Agreed Norms for Routing Security (MANRS) initiative, one of the eight projects outlined in the Internet Society’s 2020 Action Plan.

That was why our booth was dedicated to MANRS, and we were glad to see many attendees who ran networks come over to have a routing security check-up of their networks’ routing hygiene. The initial test is a first step towards strong and robust routing security, and we are hopeful many of them will join our growing community. Our MANRS t-shirts also proved very popular!

Aftab Siddiqui, our Senior Manager, Internet Technology for Asia-Pacific, was one of the facilitators of the highly popular Resource Public Key Infrastructure (RPKI) Deployathon, in which about 40 network operators learnt to deploy RPKI, a framework to sign Internet routes and protect users from route hijacks and misconfigurations.

Aftab was also appointed Chair of the inaugural APNIC Routing Security Special Interest Group (SIG), a new SIG that will provide a platform to discuss the operational issues and best practices to secure global Internet routing. We look forward to him helping strengthen routing security even further with Co-Chairs, Dr. Di Ma and Rupesh Shrestha.

We got together with more than 40 MANRS participants and partners in the region at the Community Meeting to share the latest on the initiative, including a plan to include new kinds of organizations, such as content delivery networks (CDNs) and cloud providers. Stay tuned for future updates!

In the long run, we aim to make MANRS a norm in routing operations – with non-conformance seen as unacceptable – and for it to be a self-governed community. We had a good discussion with the community on this and other matters, and to those who were able to attend, we thank you for taking the time to come.

Our delegation included Robert Maylath, Senior Director, Organization Membership; Kevin Meynell, Manager, Technical and Operational Engagements; Adrian Wan, Policy Advocacy Manager; Aftab; and myself. We outlined our plans at the AP Star Retreat and the APNIC Global Reports session alongside many of our partners and encouraged the community to join us in our mission.

It was good to see that more than 40 people from our membership community, including the local chapter, were able to join us for a social get-together. We were given a glimpse of the threats the Internet is under in Australia by Paul Brooks, Chair of the Australian Chapter, who told us he and other Chapter leaders would take part the next morning in a public hearing of the Independent National Security Legislation Monitor Review of the Telecommunications and other Legislation Amendment (Assistance & Access) Act 2018, commonly known as the TOLA Act, to stand up for encryption.

If you could not make it to APRICOT this year but wish to catch up on the sessions, you can watch the recordings or read the transcripts on the conference website, and download the presentations.

Next year, APRICOT is scheduled to run from February 16 to 26 in Manila, Philippines.

Image courtesy of APNIC

Mutually Agreed Norms for Routing Security (MANRS) Strengthening the Internet

Let’s Improve Routing Security at APRICOT 2020

Internet builders in Asia-Pacific get together around this time every year at APRICOT to learn from each other and other leaders from around the world. Routing security will be a key theme, and we will be sharing in multiple sessions why the MANRS initiative is important to the global routing system.

Also called the Asia-Pacific Regional Internet Conference on Operational Technologies, the conference is the largest meeting of the technical community in the region. It draws many of the world’s best Internet engineers, operators, researchers, service providers, and policy enthusiasts from over 50 countries to learn, share, and network.

Held annually, the ten-day meeting consists of workshops, tutorials, and conference sessions, birds-of-a-feather (BoFs) sessions, and peering forums all with the goal of spreading the knowledge needed to run and expand the Internet.

Technical training workshops will run from Feb 12 to 16, and the conference itself from 17 to 21 in Melbourne, Australia.

Our team at the Mutually Agreed Norms for Routing Security (MANRS) initiative will speak at various sessions throughout the conference, including the Resource Public Key Infrastructure (RPKI) Deployathon on 17 February that I will facilitate. I will also be chairing the inaugural APNIC Routing Security/RPKI SIG on 20 February.

RPKI is a public key infrastructure framework that allows holders of Internet number resources to make verifiable information available about those resources, such as Route Origin Authorisations (ROA), essentially authenticated routing annoucements. RPKI uses a public key infrastructure that creates a chain of resource certificates allowing RPKI users to validate that a network announcing routes for specific Internet addresses actually is authorized by their regional Internet registry (RIR) to have those addresses. To learn more, please join us at the session.

We will also hold a MANRS Community Meeting on 20 February to get together with MANRS participants in the region. Join us if you are part of our growing community!

If you would like to learn more about or join MANRS, our team will be at our booth throughout the conference, so please come over to chat with us about the state of routing security of your networks. You may even get a MANRS T-shirt!

The wider Internet Society team will also be at APRICOT. Rajnesh Singh, Regional Vice-President, Asia-Pacific, will speak at APNIC Global Reports on 20 February with many of our partners.

We will hold an informal gathering with the community on 19 February, so if you are an Internet Society member or simply want to know more, please feel free to come by.

If you are interested in attending the conference you can still register at the event’s website. But if you cannot make it in person, you can also follow the sessions via livestream using the links on the session pages.

Image by Denise Jans via Unsplash

Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS)

Making the Internet Better Together at APRICOT 2019

Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) 2019, said to be the largest technical conference in the region, drew hundreds of the world’s leading Internet engineers from over 50 countries to Daejeon, South Korea last week.

The Internet Society, a long-time partner of the event, contributed to the event by not only sponsoring over a dozen of fellows to travel there, but also made multiple high-profile appearances in various sessions, including the opening keynote speech.

The Internet Society’s President and CEO Andrew Sullivan delivered the keynote Up and Down the Stack Through a Nerd’s Eyes: Making the Internet Better the Internet Way with hundreds of people present, including Tae-Jeong Her, Mayor of Daejeon, and Dr Hee-yoon Choi, President of organiser the Korea Institute of Science and Technology Information (KISTI), a government research institute.

Now that so many people depend on the Internet, it is no surprise that businesspeople, policymakers, regulators, and politicians all want a say in the way the Internet evolves. But some of the proposals for the future of the Internet, Sullivan said, betray fundamental misunderstandings of the way the Internet works. The talk urged us all to continue to engage with the big questions that affect the future of the Internet, and to bring to that engagement the technical understanding of how the Internet depends on the community of independent network operators in order to remain healthy and strong.

The Internet Society delegation this year also included Rajnesh Singh, Regional Director of the APAC Bureau; Aftab Siddiqui, Technical Engagement Manager, APAC; Salam Yamout, Regional Director, Middle East; Andrei Robachevsky, Senior Technology Programme Manager; Sally Harvey, Director, Membership and Partnership Development; and me, Outreach Manager, APAC.

In line with the Internet Society’s 2019 Action Plan, our message at APRICOT 2019 was to give voice to the need to improve the Internet’s technical security, specifically routing security. That was why in different sessions we promoted the Mutually Agreed Norms for Routing Security (MANRS), a global initiative of the Internet Society that provides operators with steps to mitigate the most common routing threats.

We undertook a variety of roles at the conference and side events, including chairing and speaking at the AP* Meeting, speaking at the APNIC Global Reports, speaking at the APNIC Cooperation SIG, as well as several other speaking and moderation roles. We also had a number of bilateral meetings with other Internet organisations throughout the week.

I had the pleasure to moderate the ISOC@APRICOT session, in which we introduced the community to our work plans and invited them to exchange views on broad Internet issues in the region with us. We were much encouraged by the support of some Internet Society Chapter leaders and members who told us more about their local communities.

In the session, Sullivan introduced the 2019 Global Internet Report: Consolidation in the Internet Economy, which explores the growing influence of a few powerful players in the Internet economy.

The study is the beginning of a conversation about the implications of concentration in the Internet economy. Our analysis shows the questions surrounding these trends are very complex, and hasty interventions could lead to unintended consequences and harm for the Internet and its users. More work must be done to understand this important issue.

“I hope you’ll join us and help identify gaps that we haven’t done or suggest ways to improve the study,” Sullivan concluded the session by introducing our research funding opportunities.

Read the 2019 Global Internet Report: Consolidation in the Internet Economy to understand key features of consolidation, the impact of emerging trends on the Internet, and explore the questions it raises.

Events Mutually Agreed Norms for Routing Security (MANRS)

Team ISOC @ APRICOT 2018

Last month in Kathmandu, Nepal, 750 delegates participated in APRICOT 2018 – Asia-Pacific’s largest Internet conference. It was led by Internet Exchange Nepal (npIX) with support from several organizations including the Internet Society (ISOC) Nepal Chapter.

The Internet Society, through its Asia-Pacific Bureau, is a long-term partner of the APRICOT conferences, sponsoring a competitive fellowship programme, as part of the Internet Society’s mission to support capacity building in developing countries. Read more about our fellows at APRICOT 2018:

Meet the APRICOT 2018 Fellows

Team ISOC @ APRICOT 2018 comprised of staff from Regional Bureaus and Internet Technology. This included Andrei Robachevsky, Aftab Siddiqui, Rajnesh Singh, Salam Yamout, and myself.

In line with the Internet Society’s 2018 Action Plan, our core message at APRICOT 2018 was to strengthen the global Internet routing system and mitigate many of the risks facing the Internet’s core today. This includes route hijacking, traffic detouring, and address spoofing – which is a root cause of Distributed Denial of Service (DDOS) attacks. We promoted the Mutually Agreed Norms for Routing Security (MANRS), a set of recommendations addressing these risks, already adopted by some network operators.

Team ISOC took on a wide variety of roles at APRICOT 2018 and other co-located events, including: chairing and speaking at the AP* Meeting, speaking at the ICANN GAC Regional Capacity Building Workshop, and several other speaking and moderation roles at the conference.

Presence of many of the key people and organizations shaping the Internet in Nepal and Asia-Pacific invited a number of important engagements at APRICOT 2018. Team ISOC had a number of bilateral dialogue with government representatives, ISP associations, network operators, and regional Internet organizations.

The ISOC Nepal Chapter chaired our regular ISOC@APRICOT meeting, inviting the community to learn about our work plans and possible areas of collaboration, and share views on broad Internet issues in Asia-Pacific. Several Internet Society chapter leaders and members led lively discussions about their work with local communities.

Together with delicious dinners and friendly social gatherings, Team ISOC had great visibility and impact during APRICOT 2018, with several outcomes and opportunities to support one of our KEY actions vital to the Internet’s future – securing the Internet’s core.

Mark your calendar – APRICOT 2019 will be held in Daejeon, South Korea on 19 February – 1 March 2019.

Learn more about MANRS and how you can make the Internet more secure.

Events IPv6 Women in Tech

Meet the APRICOT 2018 Fellows

The Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) is an annual event that brings together Internet engineers and networking experts, government representatives, Internet business leaders, and other interested parties from around the world to learn from training workshops and tutorials, attend technical presentations, discuss policies, and extend social and professional networks with like-minded peers. This year’s event was held in Kathmandu, Nepal from 19-28 February.

The Internet Society Asia-Pacific Bureau has a long-term partnership with APRICOT and proudly sponsors its fellowship program, providing financial support for individuals from developing economies to attend the event, and to contribute to discussions about Internet operations, technologies and development. This year the Internet Society sponsored a total of 13 fellows to APRICOT 2018, split between the technical workshops and the conference week, depending on their areas of interest. 75% of these fellows were females, endorsing our focus to inspire and facilitate the participation of women in the technology sector and to #ShineTheLight!

We had an opportunity to meet some of these fellows, to know more about them and their experience as a fellow.

Athirah Rosli is a Doctoral Researcher at Universiti Utara Malaysia, and also a committee member of the ISOC Malaysia chapter.

“I fully enjoyed my five-day event that was full of interesting sessions and tutorials. I also get to know more about the current status of IPv6 especially on the deployment and operations of it. Moreover, during this conference, I have a chance to meet other researchers, Internet engineers, networking experts, government representatives and technical staffs around the globe that have mutual concerns and issues regarding the Internet. The experience of attending this conference will become a valuable treasure of memory to be cherished in my life.”

Anand Raje is a board member for India Internet Foundation. He is also vice president of the ISOC India Kolkata chapter.

“Receiving this fellowship has been a great experience and it has helped a lot while networking with the community. Sessions on SDN, DDoS, Network Automation, peering forum and others alike were quite interesting and engaging. APRICOT conference is a great place to meet, build new connections and share ideas. In our local community, we are building a model of community Internet Exchange Point (IXP) which is replicable and can be implemented by the community for the community. It has been a great pleasure in meeting fellow network practitioners from the region, thanks to friends from ISOC Nepal Chapter and community leaders for such an awesome hospitality. During the conference week I visited the NPIX, one of the pioneering efforts towards a community driven exchange point.  I would like to suggest to have a fellowship alumni network and one dedicated session for fellows, to share their experiences and guide the newcomers to better mingle with the community and it will become a driving factor which can yield great results in the local community.”

Hsu Myat Thwe is from Magway, Myanmar. She is a junior network engineer at a local ISP, and also volunteers for Myanmar Internet Exchange Point (MMIX).

“I decided to attend for Network Management and Monitoring workshop because it reflected my professional experience. By attending this workshop, I had a great knowledge and the key concepts of network management and monitoring. I learned useful network monitoring tools, and also made many friends from other countries. I will share my experience with colleagues, and will encourage engineers from Myanmar to participate in APRICOT workshops.”

Building Trust Events Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Open Internet Standards Securing Border Gateway Protocol (BGP) Technology

Routing Security BoF – APRICOT 2018

On Sunday, 25 February, the first day of APRICOT 2018, a “Routing Security BoF” (birds of a feather: An informal discussion group) was organized to address the ever-growing routing related incidents happening on daily basis. We have discussed routing security in general within the Asia Pacific region but there was a need to have a platform for open and candid discussion among the network operator community to find a possible way forward, where operators can share their approach in securing their own infrastructure and keeping the internet routing table clean as well.

A quick introduction was provided by the moderator (Aftab Siddiqui) on why it is important to have this BoF. Here are the introductory slides:

The first technical community presenter was Yoshinobu Matsuzaki (Maz) from Internet Initiative Japan (IIJ), the first ISP in Japan started in 1992. IIJ is one of the few ISPs in the region implementing prefix filtering, source address validation for their end customers, and making sure that all their routing information is reflecting the current status in the peeringdb for AS2497. IIJ was the first Asia Pacific ISP to join MANRS (Mutually Agreed Norms for Routing Security), a global initiative, supported by the Internet Society, to work with operators, enterprises, and policymakers to implement crucial fixes needed to eliminate the most common routing threats.

The rest of the BoF was based on a panel discussion, with panelists representing some of the top global CDNs (Content Delivery Networks) along with the technical lead of the MANRS initiative from the Internet Society.

The discussion started with the following questions:

Q1. You just heard from one of the largest ISP in the region (IIJ) and, being one of the biggest CDN providers globally, what measures do you take to ensure that you are keeping the internet routing table clean?

A1 (summary). CDNs mostly rely on the peering fabrics and they do put filters in place to safeguard their infrastructure and also don’t usually pollute the global routing table. They can’t control any peer network and hence cannot avoid any accidental/intentional prefix hijack. To safeguard against such incidents, all CDNs actively monitor the global routing table to quickly fix incidents and reduce the outage or impact.

Q2. There are ISPs that implement routing security and there those who don’t. Do you have the same peering policies for both? Do you enforce any policy to make sure that your peering partners are doing the right things?

A2 (summary). It is not possible for CDNs to create different peering policies on the basis of network reputation, but they do make sure that they have good visibility of the network in order to find the problem as early as possible. Also, it is hard for CDNs to de-peer in case of an incident because there are commercial interests in place as well. The counter argument from Andrei (ISOC) was: CDNs can’t apply different policies to networks/peers on the basis of reputation because it is realistically difficult to differentiate the bad from the majority of good peers. This is where MANRS can provide a platform to show if a network is accidentally/intentionally polluting the internet routing table.

Q3. Do you see any benefit of RPKI and BGPSEC to secure internet routing in the future?

A3 (summary). It was clear from the discussion that BGPSEC is too new to have any constructive discussion; there are many changes required in the protocol and even after that it is optional for a peer to use BGPSEC. However, RPKI can play some role in the future but at the moment no CDN is actively pursuing RPKI as a solution. The topic of RPKI resulted in some interesting debate between Geoff Huston and panelists.

At the end of the panel discussion we asked four questions through an interactive poll and the results were very interesting and encouraging.

Around 62 members of the community participated in this poll, which clearly shows that the vast majority of them consider routing security a problem we need to address. While some are not clear if there was an impact on internet services because of routing security incidents (lack of data), it was very clear that networks don’t follow guidelines to implement routing security because there is no incentive for them to do so. At the end the clear winner was MANRS, as most respondents believe that only a community-driven initiative such as MANRS can convince the network operators to implement routing security. (Here’s how to join MANRS.)

Building Trust Events Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Technology

Routing Security is a Serious Problem – and MANRS Can Help. A Report from APRICOT 2018.

Last week, at APRICOT 2018 in Kathmandu, Nepal, there were a lot of talks and discussions focused on routing security and the Mutually Agreed Norms for Routing Security (MANRS).

First, there was a Routing Security BoF, attended by about 150 people, where we talked about what it takes to implement routing security practices, how CDNs and other players can help, and why it is so difficult to make progress in this area. The BoF included an interactive poll at the end, and it showed some interesting results:

  • Participants almost unanimously see lack of routing security as a serious problem.
  • Slow progress in this area is largely seen as due to a lack of incentives
  • Participants see community initiatives (like MANRS) as the main driving forces for improvement, followed by CDNs and cloud providers. They doubt that governments or end-customers can effectively drive change.

My colleague Aftab Siddiqui is writing a separate blog post just about that BoF, so watch the blog in the next day or two.

Later, in the security track of the main APRICOT programme, Andrei Robachevsky, ISOC’s Technology Programme Manager, presented statistics on routing incidents and suggested a way forward based on the MANRS approach. In his presentation, “Routing Security in 2017 – We can do better! And how MANRS can help”, he provided a detailed overview of simple steps a network operator should take to improve routing hygiene and overall security of the routing system we all depend on so much.

His slides are available here:

An interactive poll that followed offered interesting insights into the challenges and state of securing routing:

  • More than 50% of the operators polled experienced routing incidents with varying impact, and only a lucky <20% were not terribly affected by them
  • There were remarkable differences regarding the security posture of networks. More than half of respondents have no resources to implement even such simple measures as MANRS. At the same time 1/3 of network operators already implement those measures and actively promote them in the community

It was very encouraging to see that a majority of the participants valued MANRS and wanted to join. At least when they become ready to implement the actions.

I’ll leave you with a quote Aftab shared at the beginning of the Routing BoF, from Nobel Peace Prize Winner Jane Addams: “The good we secure for ourselves is precarious and uncertain until it is secured for all of us and incorporated into our common life.”

Are you ready to look into the four MANRS Actions and start moving your network in the right direction? We have an Implementation Guide and Training Modules available! Or perhaps you are ready to join MANRS? Sign up here!

[This post originally appeared on the MANRS Blog here.]

Building Trust Events Growing the Internet Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Open Internet Standards Technology

Busy Week for MANRS, Routing Security, and More at APRICOT 2018

APRICOT 2018 is underway in in Kathmandu, Nepal, and as usual the Internet Society is an active participant in many areas of Asia Pacific’s largest international Internet conference. The workshops are taking place this week, with the conference happening next week. Here are some of the conference activities where we’ll be.

Routing Security BoF

On Sunday, 25 February, from 18:00 to 19:00 (UTC +05:45), Aftab Siddiqui and Andrei Robachevsky will moderate a Birds of a Feather (BoF) session on routing security. From the abstract, the session will provide a space where “…operators can share their approach in securing their own infrastructure and keeping the internet routing table clean as well. Also, this will provide a platform to review and highlight various BCOP documents to address routing security.” The Mutually Agreed Norms for Routing Security (MANRS) initiative is a key piece of the routing security puzzle.

Tech Girls Social

On Monday, 26 February, from 13:00 to 14:00 (UTC +05:45), Salam Yamout will be speaking at the Tech Girls Social. This session provides a space for APRICOT participants to talk and network in an open, friendly environment. The event is open to ANYONE who is interested and is not restricted to women. It is an opportunity to get to know other participants outside technical- or work-focused discussions.

Cross-region Resource Management

Also on Monday, 26 February, from 14:30 to 16:00 (UTC +05:45), Aftab will join be a panelist in the “Cross-region Resource Management” session. This session will address resource custodianship and panelists will debate the issues and best practices that can help provide solutions, including BGPSec, RPKI, MANRS, and more.

Routing Security in 2017: We can do better!

On Tuesday, 27 February, from 09:30 to 11:00 (UTC +05:45), Andrei will present during the Security 1 session on “Routing Security in 2017: We can do better!” From the session abstract: In 2017, not a single day passed without an incident. While none of the incidents was catastrophic, all of them continue to demonstrate the lack of routing controls like those called for in MANRS that could have prevented them from happening.”


Later on Tuesday, 27 February, from 18:00 to 19:00 (UTC +05:45), The Internet Society Nepal Chapter is hosting an ISOC@APRICOT meeting where members, chapter leaders and community members will discuss ISOC’s 2018 work objectives and broader Internet related issues.

Other Meetings and Topics

APRICOT is a unique gathering place for organizations from across Asia Pacific to meet and discuss current activities, best practices, and needs. We’ll be participating in a series of side meetings related to ISP Associations, IXPs, and policy-related events such as the ICANN Government Advisory Committee (GAC).

APRICOT is also full of workshops and sessions on IPv6, DNSSEC, the Internet of Things, Internet Governance, and more topics of interest, so we encourage you to check out the full agenda.

Watch Live, or Come Join Us

Most of the sessions will be broadcast live (on YouTube and Adobe Connect). Information will be updated on the APRICOT Webcast page as it is available.

As you can tell, there’s a lot going on over the next two weeks in Nepal. If you’ll be there, please come look for us to say hello or let us know what’s on your mind. You can also follow along via social media with #APRICOT2018.

Building Trust Domain Name System Security Extensions (DNSSEC) Events IPv6 Mutually Agreed Norms for Routing Security (MANRS) Open Internet Standards

One week in Ho Chi Minh City – another busy APRICOT for the ISOC Team

If we had to choose music to accompany all our activities at APRICOT 2017 it would surely be Chopin’s Minute Waltz (Op 64, No 1)! No, we did not manage to fit 138 bars of music into 60 seconds but the tempo was very lively with frequent crescendos and diminuendos and a lengthy trill. Call it efficiency, but we all managed to share and exchange a lot of information working within the new shortened APRICOT 2017/APNIC 43 programme.   

Employing good strategic planning, the ISOC Asia-Pacific Regional Bureau’s activities preceded our arrival into Saigon (the former name for Ho Chi Minh City). We had sponsored nine ISOC Technical Fellows to attend the workshop week in-line with our mission to support capacity building in developing countries. The workshop week allowed network engineers not only to keep up-to-date with current and emerging trends in network operations (including network management and security), but gave them the opportunity to exchange knowledge with their peers from the region, and to take and make use of the learnings back home.

This year the Internet Society sponsored a total of 12 fellows to APRICOT 2017. The fellows were split between the technical workshops and the conference week, depending on their areas of interest.

We are also happy to note that 70% of these fellows were females – coming from Vanuatu, Fiji, Timor-Leste, Myanmar, Cambodia, Bangladesh and, Bhutan. Encouraging and facilitating the participation of female fellows at such technical events is one way in which we are trying to help bridge the gender gap in the technology sector.

The Internet Society had a sizeable presence overall at APRICOT 2017, with staff from various teams including the Regional Bureau, Internet Technology and Partnership Development. This included Aftab Siddiqui, Amelia Yeo, Andrei Robachevsky, Howie Baggott, Jan Zorz, Kevin Meynell, Rajnesh Singh and Raul Echeberria.

The Team took on a wide variety of roles at APRICOT 2017/APNIC 43 and other co-located events. These included:

1. Chairing (Raj) and Speaking (Amelia) in the AP *meeting

2. Speaking in the APNIC Cooperation SIG on Connecting the Next Billion (Raul)

3. Facilitating the BOF on Best Current Operational Practices (Jan and Aftab)

4. Moderating the APNIC Panel on Forces Shaping the Network (Raul)

5. Speaking in the DNS/DNSSEC session on DNSSEC/DANE/TLS Testing in Go6Lab (Jan)

6. Moderating (Raj) and speaking (Raul) at the BOF on Community Wireless Networks

7. Speaking in the APNIC Panel on Navigating the IPv4 Transfer Market (Aftab)

8. Speaking in the APNIC Global Reports on ISOC Updates (Raj 

9. Speaking in the Network Security session on two years of good MANRS (Andrei)

10. Organising/Speaking the ISOC@APRICOT session (Amelia, Raul, Aftab, Raj and Gihan Dias from the ISOC Board of Trustees)

11. Speaking at APTLD71 on ISOC updates (Raul)

12.Speaking in the IPv6 session on Deployment on NAT64/DNS64 experiments, warnings and one useful tool (Jan)

13. Serving as the Election Chair of the 2017 APNIC Executive Council Election (Jan)

Of note are some of Jan’s technical presentations which are hyperlinked here and include DNS/DNSSEC,  NAT64 and IPv6.  Jan was so inspired that he had specially tailored his presentations for Vietnam (including being dressed for the occasion in Asian attire!).      

In addition, we took the opportunity to engage with stakeholders present at APRICOT 2017 and had a number of bilaterals and side meetings. This included government representatives, network operators, vendors, academia, and Internet Hall of Fame inductees (Geoff Huston, Gihan Dias, Kanchana Kanchanasut, Randy Bush, Steve Huter).

In a nod to fostering the next generation of Internet leaders, we had Md. Abdul Awal from our Bangladesh Dhaka Chapter chair the ISOC@APRICOT meeting. He did a good job, and we look forward to seeing more of our younger members taking the lead in future meetings.

All in all, the ISOC Team had great visibility and impact during APRICOT 2017 and there are a number of outcomes and collaboration opportunities that we will be following up on in the coming weeks and months

APRICOT 2018 will be held in Kathmandu, Nepal from February 19th to March 1st.

Deploy360 Events

Other IPv6 Stuff at APRICOT 2017

We already covered the IPv6 Deployment session during APRICOT 2017, but there were several other IPv6-related sessions that are worth mentioning.

First thing to mention is that there was a tutorial on deployment of IPv6 in a production mobile network. This was a 1.5-hour session led by Jeff Schmidt (Telstra) and provided some insights into what the business and technical considerations were, and what ended-up actually being deployed on their network.

Jon Brewer (NSRC) is someone who always managed to conjure up interesting talks at APRICOT Conferences, and his tutorial on the Internet-of-Things was no exception. Whilst IoT is not specifically IPv6, it’s likely that IPv6 will be required to facilitate the plethora of devices expected in future.

This tutorial discussed core concepts and the types of applications that are enabled by IoT technologies, before covering radio and network protocols for low-power WANs such as the 802 series, 3GPP and LoRaWAN. Higher-level protocols used in IoT are also discussed including CoAP, MQTT, REST and Websockets.

On a related note, there was also a presentation by Jeff Apcar (Cisco) on the Low Power Wide Area (LPWA). This covered this new area of communications where networks of sensors with limited power availability need to be connected across both urban and rural areas; some over long range wireless networks with substantial RF interference.

Last, but not least, there was the IPv6 Readiness Measurement session. This is an initiative of TWNIC (the Taiwan National Internet Registry) aims to encourage organisations working on IPv6 deployment to share their IPv6 measurement methods and results.

The IPv6 situation in India as presented by Ajai Kumar (NIXI) is becoming interesting, with different measurements calculating IPv6 deployment somewhere between 20 and 40% which makes India the economy with the highest rate of deployment in the Asia-Pacific region. Even more encouragingly, some large organisations including the State Bank of India have even higher rates of deployment, most of the major IXPs are IPv6-enabled, whilst the .in ccTLD also support IPv6.

The Asia-Pacific economy with the second-highest level of IPv6 deployment is Japan, whose situation was presented by Tomohiro Fujisaki (NTT). IPv6 deployment continues to increase and currently sits somewhere just over 20%. However, three major cellular operators have announced they will commence IPv6 services in 2017, whilst a number of fixed-line ISPs have already started to offer commercial ISP services. Some government services are now available via IPv6, although support by the major Japanese content providers still needs to improve.

Things are a bit less positive in Korea, Taiwan and Vietnam, although there was substantial progress with IPv6 deployment in Vietnam during 2016, with FPT Telecom becoming the first ISP in the country to offer IPv6 to customers (which we previously discussed). The Taiwanese government has also deployed IPv6 in most of its agencies, has started to offer IPv6 on its public Wi-Fi service (iTaiwan), whilst around 20% of the traffic of TANet (the NREN) is using IPv6.

One of the reasons for limited IPv6 uptake in Korea appears because it has one of the highest user bases in the world, and therefore obtained a large amount of IPv4 resources early on. IPv6 deployment only really started 3 years ago, and then mostly on cellular networks, so that combined with the lack of local content available via IPv6 has provided limited incentives for ISPs to provide this to their customers.

However, regardless of where you are, we encourage you to consider deploying IPv6, so please check our Start Here page for more information!

Deploy360 Events

The Network Forensics problem of IPv4

Although not directly on the subject IPv6, we absolutely need to draw your attention to a great presentation from Geoff Huston (APNIC) on Forensic Tracing in the Internet during APRICOT 2017. This relates to the pervasive use of Carrier Grade NATs as a means of extending the useable life of IPv4 on the Internet, and the implications for metadata record keeping and tracing users.

As we know, the pools of IPv4 addresses are close to depletion, but around 90% of the Internet is still only accessible via IPv4. As a result, Carrier-Grade NAT (CGN) has been widely implemented whereby private IPv4 address space is used in conjunction with a limited number of public IPv4 addresses in order to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that will usually also change over a given time period.

If you therefore wish to trace from where traffic has originated from, then you need to maintain an extensive logging system keeping records on source IP addresses, source port addresses, along with dates/times. CGN bindings are formed for every unique TCP and UDP session, which can mean 150-450 bytes per connection and 33-216,000 connections per subscriber each day, resulting in the need to log 5-96 MB of data. For 1 million subscribers, this will generate up to 1 PB of data per month!

It’s becoming ever more complex to handle this information, and even if it’s possible to maintain comprehensive records, subscribers are also likely to be operating NATs and the trace will stop at these edge points. Bear in mind that some operators are also running out of private IPv4 address space on individual subnets, and are therefore needing to implement layers of CGNs.

Furthermore, it’s becoming increasingly difficult to analyse traffic flows as users and applications resort to encryption, sessions are split over multiple paths and access technologies (e.g. cellular, wifi), and even over a combination of IPv4 and IPv6.

So whilst Law Enforcement Agencies have traditionally focused on the network as the point of interception and tracing, and have introduced laws to mandate ever more extensive logging, the reality is that IPv4 addresses are increasing losing coherent meaning in terms of end party identification.

This might be interpreted that the choice is between ever more complicated and expensive record keeping systems, or transitioning to IPv6. Of course, some may see obfuscation through IPv4 as a positive benefit, but the fact remains that IPv4 is increasingly less scalable and becoming more complex to manage. IPv6 brings many other advantages with it, and confidentiality can still be maintained by using platforms and applications that support this.

You can watch Geoff’s presentation during the Network Security session on YouTube.

And if you’re interested in deploying IPv6 after this, then please see our Start Here page for more information!