APNIC Member Gathering Highlights Secure Internet Growth in Myanmar
•Transferir como PPTX, PDF•
0 gostou•504 visualizações
Vivek Nigam and Pubudu Jayasinghe discuss the Internet in Myanmar, IPv4 depletion and how Members can manage that, deploying IPv6, and routing security.
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (18)
Semelhante a APNIC Member Gathering Highlights Secure Internet Growth in Myanmar
Semelhante a APNIC Member Gathering Highlights Secure Internet Growth in Myanmar (20)
Mais de APNIC
Mais de APNIC (20)
Último
Último (20)
APNIC Member Gathering Highlights Secure Internet Growth in Myanmar
- 1. 1 APNIC Member Gathering 5 December, Yangon - vivek@apnic.net - pubudu@apnic.net
- 2. Agenda • Trends and observations • Myanmar Internet : 2015 vs 2016 • Resources for your business growth • How secure is your routing?
- 3. Member Services Vivek, Member Services Manager
- 5. APNIC’s Vision A global, open, stable and secure Internet that serves the entire Asia Pacific community
- 6. APNIC Activities Serving APNIC Members Supporting Regional Internet Development Cooperating with the Global Internet Community
- 7. Annual IPv4 Delegations 0 500 1000 1500 2000 2500 3000 3500 4000 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 East Asia Oceania South East Asia South Asia 2016 Projection As at 30 September
- 8. Waiting list for recovered pool
- 9. IPv4 pool status 0% 20% 40% 60% 80% 100% 2011 2012 2013 2014 2015 2016 % of final /8 remaining
- 10. Annual IPv4 Transfers As at 30 September 0 50 100 150 200 250 300 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2016 Projection Between RIR Regions Within APNIC Region
- 11. IPv4 transfers 134 (8.3 M)2 108 656 (14.1M)
- 12. IP-based Geolocation observation • Incorrect IP Geolocation • Accuracy of IP Geolocation • Missing IP Geolocation • IP Geolocation based filtering …
- 13. What are we doing? • Research on how IP address-based geolocation information is gathered and consumed • Understand how APNIC data is used in building geolocation information • Implementation of organisation object
- 15. APNIC Survey 2016 participation
- 16. Challenges faced by Members Security is the biggest challenge!
- 17. Does APNIC have a role to play? www.apnic.net/survey
- 18. How do you visualize the Internet ?
- 19. The Internet • Networks worldwide interconnect to form the Internet. They include ISPs, Internet Exchange Points, Universities, Corporate networks, etc. • Each dot represents an AS • There are 50,000+ ASNs currently active in the Internet peer1.com
- 20. Myanmar Internet : 2015 vs 2016 Resources for your business growth How secure is your routing?
- 21. Myanmar 53.4 million population 2015 2016
- 22. Membership growth Year Number 2015 16 2016 38 137% growth! Highest percentage in the region
- 23. IPv4 holdings Year Number % 2015 7/16 43.75% 2016 29/38 76.32% Final /22 from 103 block /22 from recovered pool Year Number % 2016 19/38 50% Waiting queue for recovered /22 since mid-2016
- 24. IPv6 custodianship Year Number of accounts with RPKI % 2015 6/16 37.5% 2016 23/38 60.52%
- 25. RPKI adoption Year Number of accounts with RPKI % 2015 1/16 6.25% 2016 3/38 7.89%
- 26. Myanmar Internet : 2015 Vs 2016 Resources for your business growth How secure is your routing?
- 27. IPv4 is fast exhausting - what next?
- 28. Referral applications ABC-AP Contact: John@abc.com Bill To: ABC Pvt Ltd XYZ-AP Contact: Jane@xyz.com Bill To: XYZ Pvt Ltd XYZ-AP Contact: John@abc.com Bill To: ABC Pvt Ltd You are free to negotiate the referrer and referee relationship with your customer From APNIC’s point of view, your customer is the custodian of the IP resources but or
- 29. IPv4 Transfer www.apnic.net/pre-approval-listing Contact a Member through APNIC Transfer Resources Make use of the IPv4 transfer listing page Member B Has Excess IPv4 Member A Need more IPv4 Submits a Pre-approval www.apnic.net/transfer
- 31. Global IPv6 growth November 2016 : 14.81% November 2015 : 9.39% Source : Google IPv6 Statistics
- 32. Per country IPv6 adoption Country IPv6 Capable BE Belgium, Western Europe, Europe 53.64% US United States of America, Northern America, Americas 33.88% JP Japan, Eastern Asia, Asia 15.87% MY Malaysia, South-Eastern Asia, Asia 14.82% IN India, Southern Asia, Asia 10.79% AU Australia, Australia and New Zealand, Oceania 8.08% SG Singapore, South-Eastern Asia, Asia 4.94% VN Vietnam, South-Eastern Asia, Asia 3.79% TH Thailand, South-Eastern Asia, Asia 2.01% LK Sri Lanka, Southern Asia, Asia 1.73%
- 33. MyAPNIC IPv4 assignment /48 IPv6 assignment IPv4 allocation /32 IPv6 allocation
- 34. IPv6 support from APNIC: Training www.apnic.net/training eLearning Workshops
- 35. IPv6 support, information and assistance • www.apnic.net/IPv6 • IPv6 data and statistics • IPv6 for mobile networks • IPv4 to IPv6 transition case studies • Best practices • Information for network engineers • Technical assistance to your organization • Sri Lanka • Bangladesh • Thailand
- 36. Myanmar Internet : 2015 Vs 2016 Resources for your business growth How secure is your routing?
- 37. Hijacked !! A AS1 (ISP of Victim) AS4 (Large ISP) AS2 (Legitimate owner of 2001:DB8::/32) BGP:2001:DB8::/32 B C D BGP:2001:DB8::/4 8 BGP:2001:DB8::/32 BGP:2001:DB8::/48 AS3 (ISP of Hijacker) Source : http://www.secureworks.com/
- 38. Resource Public Key Infrastructure What is RPKI? • A robust security framework for verifying the association between resource holders and their Internet resources • Uses x.509 certificates with RFC3779 extensions • Collaborative effort by all RIRs to help secure Internet routing by validating routes
- 39. APNIC resource certification Valid from: 2016.12.05 Valid to: 2017.12.04 Origin ASN: 131107 IP prefix: 2001:0DB8::/32 Most specific allowed: /36 Create your ROAs now through APNIC’s Resource Certification Tool. ROA – Route Origin Authorization
- 40. RPKI adoption in the region Country % coverage Sri Lanka 83.14 Philippines 74.45 Laos 56.03 Nepal 40.36 Bangladesh 31.55 Malaysia 15.38 Thailand 4.41 MM – 18.52
- 41. ROA usage in apps and services
- 42. Create your ROAs! Let’s do it now www.apnic.net/ROA
- 43. Register now for APRICOT 2017 • Great opportunity to meet international and national Internet leaders • Registration is open – Sizeable discounts available – register by 9 Dec to enjoy these early bird rates 2017.apricot.net/register
- 44. 44 Thank you!
Notas do Editor
- APNIC office in Brisbane. Around 70 full time staff 1994 APNIC started in JP Moved to Australia in 1997 due to various reasons - neutrality, economically viable.
- Think of questions to ask.
- At APNIC, we split our activities into three main areas, which are:
- For IPv4 delegations, there was a marked increase between 2013 and 2014 due to the availability of recovered address space from IANA.
- Implemented on 9 June 2016
- Final /8 44% remaining June recycled 0
- - IPv4 transfer is also in the rise. Inter RIR started first with ARIN around 2011 and mainly they are incoming from ARIN As of 1 October 2015, RIPE also implemented the Inter RIR transfer policy Up to now, there has been a few transfers from APNIC region to RIPE region.
- Nothing in BT No inter-rir transfers to BT No market transfer to BT
- “When we are downloading from content distribution networks, it is determining that our location is from Australia, in fact, speedtest.net thinks we are in Adelaide. Is there a way to resolve this geolocation issue so we appear from Manila.” “We're having issues with our address space on the Google Play store. It seems the range location can't be identified.
- Outreaching to Geolocation providers to correct Started dialog with Geo Ip
- This survey is conducted every 2 years. For APNIC EC and secretariat to understand the needs and wishes of the community Have received equal correspondence from the sub-region evenly.
- - According to the survey, the three highest ranked challenges faced by members were all related to “Security”. 41% of responses were network security (intrusion and other breaches) 33% responses for DDOS attack, and followed by Phishing, Spam, Malware and Ransomware.
- Besides, the survey also ask if APNIC has a role to play in addressing each of these challenges. Majority of the response agree that APNIC can assist them in getting more IPv4 addresses 67% agrees that APNIC has a role to play in routing security. You can refer to to the link /surveys
- ----- Meeting Notes (2/11/15 16:40) ----- IPv6 labs. De regulations. Cambodia comparison V6
- I am not going to explain in details how to put through a referral application. If you want to know, you can meet me after the presentation or call our helpdesk line. But I will show the kind of relationship you may have with your customer once they become APNIC Member on your referral. From APNICs point of view they will become the actual custodian of IP resources. The membership agreement will be between your customer and APNIC. However when it comes to managing resources of making payments your customer can either do it by themselves as the green box shows, or you can manage their resources, through MyAPNIC or even become the payment agent on behalf of them. So this option can actually help you to grow your business even if you cannot get IPv4 addresses directly to your account.
- IPv4 transfers. Usually when a member wants to close their account or if they have unused IPv4 space, they contact APNIC and ask us to reclaim those resources, so that they don’t have to pay for it. Once the account gets closed, the resources go back to the recovered pool. On the other hand, if you check our IPv4 transfer listing page, you can find accounts which wants more IPv4 resources. And you can contact those members through APNIC, and negotiate on transfer conditions with the recipient and transfer the resources, and finally close the account. Since Bangladesh has quite a big number of accounts, you can actually make use of this page effectively for the benefit of your community. So please register yourselves in the pre-approval listing page, if you think you may require more IP resources in the future.
- At the end of the day, IPv4 is just not enough to cater for the growth of internet. So many devices are getting connected to the internet daily, and the growth is very fast. Therefore, a better option is to start deploying IPv6 as soon as it is possible. Until it becomes feasible it is a good idea to do testing, get knowledge and be ready.
- This is taken from Google statistics page. And it shows the percentage of end users who connected to google services or advertisements with IPv6 preferred devices over the years. As you can see it is an exponential growth. For example, in January 2015, 5.84 % of users connected via IPv6, and it almost doubled within an year….upto 10.41 % in January 2016. These are encouraging figures for any ISP to think about Ipv6 deployments very soon.
- To get this free and easy IPv6 block, all you have to do it goto MyAPNIC home page, and look for IPv6 one click promotion. And confirm. If you have an existing IPv4 assignment, you are automatically eligible for a /48 of IPv6, and if you have an allocation, you get a /32.
- APNIC also provides lot of E-learning courses through online webcast, and through face-to-face workshops like the one we had for the last 4 days. So make use of these resources, check our taining calendar, see if any events are happening close to your area, and try to attend to them.
- More information about IPv6 such as best practices, success stories, case studies, and latest developments…you can visit our IPv6 Page. There is a huge amount of up to date information. Another initiative APNIC started in 2015 is technical assistance program. Last year, Philip Smith and Deam Peaberton visited Sri Lanka, Bangladesh and Thailand, on member request to discuss their specific issues related to let it be IPv6, network security etc. This is a face-to-face discussion in a more private environment, which allows you to discuss about issue that you don’t want your competitors to know about. So please make use of these resources available to APNIC members…If you want to have any technical assistance at your place, let us know.
- In this I am trying to show you a very simple illustration of how a route hijacking happens. Entity B, the legitimate owner of the /16 prefix rightfully announces his prefix using AS2, and entity C, a large ISP propagates this information. Entity D, the hijacker announces a more specific /24 using AS3. Without RPKI in place, AS4 cannot distinguish between the rightful announcement and the false announcement. Therefore, large ISP propagates with false announcement to the internet. Once this happens, part of the traffic which is suppose to go to the entity B is diverted to the hijacker.
- ----- Meeting Notes (2/11/15 16:40) ----- IPv6 labs. De regulations. Cambodia comparison V6