Vivek Nigam and Pubudu Jayasinghe discuss the Internet in Myanmar, IPv4 depletion and how Members can manage that, deploying IPv6, and routing security.
10. Annual IPv4 Transfers
As at 30 September
0
50
100
150
200
250
300
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
2016 Projection Between RIR Regions Within APNIC Region
12. IP-based Geolocation observation
• Incorrect IP Geolocation
• Accuracy of IP Geolocation
• Missing IP Geolocation
• IP Geolocation based filtering …
13. What are we doing?
• Research on how IP address-based geolocation
information is gathered and consumed
• Understand how APNIC data is used in building geolocation
information
• Implementation of organisation object
19. The Internet
• Networks worldwide
interconnect to form the
Internet. They include
ISPs, Internet Exchange
Points, Universities,
Corporate networks, etc.
• Each dot represents an AS
• There are 50,000+ ASNs
currently active in the
Internet
peer1.com
20. Myanmar Internet : 2015 vs 2016
Resources for your business growth
How secure is your routing?
23. IPv4 holdings
Year Number %
2015 7/16 43.75%
2016 29/38 76.32%
Final /22 from 103 block
/22 from recovered pool
Year Number %
2016 19/38 50%
Waiting queue for recovered /22 since mid-2016
28. Referral applications
ABC-AP
Contact: John@abc.com
Bill To: ABC Pvt Ltd
XYZ-AP
Contact: Jane@xyz.com
Bill To: XYZ Pvt Ltd
XYZ-AP
Contact: John@abc.com
Bill To: ABC Pvt Ltd
You are free to negotiate
the referrer and referee
relationship with your
customer
From APNIC’s point of
view, your customer is
the custodian of the IP
resources
but
or
29. IPv4 Transfer
www.apnic.net/pre-approval-listing
Contact a Member
through APNIC
Transfer Resources
Make use of the IPv4 transfer listing page
Member B
Has Excess IPv4
Member A
Need more IPv4
Submits a Pre-approval
www.apnic.net/transfer
32. Per country IPv6 adoption
Country IPv6 Capable
BE Belgium, Western Europe, Europe 53.64%
US United States of America, Northern America, Americas 33.88%
JP Japan, Eastern Asia, Asia 15.87%
MY Malaysia, South-Eastern Asia, Asia 14.82%
IN India, Southern Asia, Asia 10.79%
AU Australia, Australia and New Zealand, Oceania 8.08%
SG Singapore, South-Eastern Asia, Asia 4.94%
VN Vietnam, South-Eastern Asia, Asia 3.79%
TH Thailand, South-Eastern Asia, Asia 2.01%
LK Sri Lanka, Southern Asia, Asia 1.73%
34. IPv6 support from APNIC: Training
www.apnic.net/training
eLearning
Workshops
35. IPv6 support, information and assistance
• www.apnic.net/IPv6
• IPv6 data and statistics
• IPv6 for mobile networks
• IPv4 to IPv6 transition case studies
• Best practices
• Information for network engineers
• Technical assistance to your organization
• Sri Lanka
• Bangladesh
• Thailand
36. Myanmar Internet : 2015 Vs 2016
Resources for your business growth
How secure is your routing?
37. Hijacked !!
A
AS1 (ISP of Victim)
AS4 (Large ISP)
AS2
(Legitimate owner of 2001:DB8::/32)
BGP:2001:DB8::/32
B
C
D
BGP:2001:DB8::/4
8
BGP:2001:DB8::/32
BGP:2001:DB8::/48
AS3 (ISP of Hijacker)
Source : http://www.secureworks.com/
38. Resource Public Key Infrastructure
What is RPKI?
• A robust security framework for verifying the association between
resource holders and their Internet resources
• Uses x.509 certificates with RFC3779 extensions
• Collaborative effort by all RIRs to help secure Internet routing by
validating routes
39. APNIC resource certification
Valid from: 2016.12.05
Valid to: 2017.12.04
Origin ASN: 131107
IP prefix: 2001:0DB8::/32
Most specific allowed: /36
Create your ROAs now
through APNIC’s Resource
Certification Tool.
ROA – Route Origin Authorization
40. RPKI adoption in the region
Country % coverage
Sri Lanka 83.14
Philippines 74.45
Laos 56.03
Nepal 40.36
Bangladesh 31.55
Malaysia 15.38
Thailand 4.41
MM – 18.52
43. Register now for APRICOT 2017
• Great opportunity to meet
international and national
Internet leaders
• Registration is open
– Sizeable discounts available –
register by 9 Dec to enjoy
these early bird rates
2017.apricot.net/register
APNIC office in Brisbane. Around 70 full time staff
1994 APNIC started in JP
Moved to Australia in 1997 due to various reasons - neutrality, economically viable.
Think of questions to ask.
At APNIC, we split our activities into three main areas, which are:
For IPv4 delegations, there was a marked increase between 2013 and 2014 due to the availability of recovered address space from IANA.
Implemented on 9 June 2016
Final /8 44% remaining
June recycled 0
- IPv4 transfer is also in the rise.
Inter RIR started first with ARIN around 2011 and mainly they are incoming from ARIN
As of 1 October 2015, RIPE also implemented the Inter RIR transfer policy
Up to now, there has been a few transfers from APNIC region to RIPE region.
Nothing in BT
No inter-rir transfers to BT
No market transfer to BT
“When we are downloading from content distribution networks, it is determining that our location is from Australia, in fact, speedtest.net thinks we are in Adelaide.
Is there a way to resolve this geolocation issue so we appear from Manila.”
“We're having issues with our address space on the Google Play store. It seems the range location can't be identified.
Outreaching to Geolocation providers to correct
Started dialog with Geo Ip
This survey is conducted every 2 years.
For APNIC EC and secretariat to understand the needs and wishes of the community
Have received equal correspondence from the sub-region evenly.
- According to the survey, the three highest ranked challenges faced by members were all related to “Security”.
41% of responses were network security (intrusion and other breaches)
33% responses for DDOS attack, and followed by Phishing, Spam, Malware and Ransomware.
Besides, the survey also ask if APNIC has a role to play in addressing each of these challenges.
Majority of the response agree that APNIC can assist them in getting more IPv4 addresses
67% agrees that APNIC has a role to play in routing security.
You can refer to to the link /surveys
I am not going to explain in details how to put through a referral application. If you want to know, you can meet me after the presentation or call our helpdesk line.
But I will show the kind of relationship you may have with your customer once they become APNIC Member on your referral.
From APNICs point of view they will become the actual custodian of IP resources. The membership agreement will be between your customer and APNIC.
However when it comes to managing resources of making payments your customer can either do it by themselves as the green box shows, or you can manage their resources, through MyAPNIC or even become the payment agent on behalf of them.
So this option can actually help you to grow your business even if you cannot get IPv4 addresses directly to your account.
IPv4 transfers.
Usually when a member wants to close their account or if they have unused IPv4 space, they contact APNIC and ask us to reclaim those resources, so that they don’t have to pay for it. Once the account gets closed, the resources go back to the recovered pool.
On the other hand, if you check our IPv4 transfer listing page, you can find accounts which wants more IPv4 resources. And you can contact those members through APNIC, and negotiate on transfer conditions with the recipient and transfer the resources, and finally close the account.
Since Bangladesh has quite a big number of accounts, you can actually make use of this page effectively for the benefit of your community.
So please register yourselves in the pre-approval listing page, if you think you may require more IP resources in the future.
At the end of the day, IPv4 is just not enough to cater for the growth of internet. So many devices are getting connected to the internet daily, and the growth is very fast. Therefore, a better option is to start deploying IPv6 as soon as it is possible. Until it becomes feasible it is a good idea to do testing, get knowledge and be ready.
This is taken from Google statistics page. And it shows the percentage of end users who connected to google services or advertisements with IPv6 preferred devices over the years.
As you can see it is an exponential growth. For example, in January 2015, 5.84 % of users connected via IPv6, and it almost doubled within an year….upto 10.41 % in January 2016.
These are encouraging figures for any ISP to think about Ipv6 deployments very soon.
To get this free and easy IPv6 block, all you have to do it goto MyAPNIC home page, and look for IPv6 one click promotion. And confirm.
If you have an existing IPv4 assignment, you are automatically eligible for a /48 of IPv6, and if you have an allocation, you get a /32.
APNIC also provides lot of E-learning courses through online webcast, and through face-to-face workshops like the one we had for the last 4 days. So make use of these resources, check our taining calendar, see if any events are happening close to your area, and try to attend to them.
More information about IPv6 such as best practices, success stories, case studies, and latest developments…you can visit our IPv6 Page. There is a huge amount of up to date information.
Another initiative APNIC started in 2015 is technical assistance program. Last year, Philip Smith and Deam Peaberton visited Sri Lanka, Bangladesh and Thailand, on member request to discuss their specific issues related to let it be IPv6, network security etc. This is a face-to-face discussion in a more private environment, which allows you to discuss about issue that you don’t want your competitors to know about. So please make use of these resources available to APNIC members…If you want to have any technical assistance at your place, let us know.
In this I am trying to show you a very simple illustration of how a route hijacking happens.
Entity B, the legitimate owner of the /16 prefix rightfully announces his prefix using AS2, and entity C, a large ISP propagates this information.
Entity D, the hijacker announces a more specific /24 using AS3.
Without RPKI in place, AS4 cannot distinguish between the rightful announcement and the false announcement. Therefore, large ISP propagates with false announcement to the internet.
Once this happens, part of the traffic which is suppose to go to the entity B is diverted to the hijacker.