apnic update, npnog 0.5

1

APNIC UpdateSunny ChendiNPIX AGM 2016 – NPNOG v0.506 August 2016

2

APNIC’s Vision

A global, open, stable and secure Internet that serves the entire Asia

Pacific community

3

APNIC Activities

Serving

Cooperating

Supporting

4

Annual IPv6 Delegations

By delegation type

>=/31/32/43-/47/48

By size By request typeAs at 30 June

AllocationAssignment

One-clickNormal

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160

200

400

600

800

1000

5

Annual IPv4 Delegations

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160

1000

2000

3000

4000

5000

From 103 poolFrom recov-ered pool

/24/23/22

NIRNewExisting

By pool By size By MemberAs at 30 June

6

Annual ASN Assignments

2-byte

4-byte

By type

Rejected

Accepted

4-byte return rateAs at 30 June

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160

200

400

600

800

10004-byte

2-byte

7

Annual IPv4 Transfers

UsedDid not use

Using listing service

UsedRemaining

Pre-approval usageAs at 30 June

2010 2011 2012 2013 2014 2015 20160

50

100

150

200Intra-RIR

Inter-RIR

8

APNIC Membership

1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160

1000

2000

3000

4000

5000

6000

XLVLLMSVSAS

As at 30 June

9

Registration Data Access ProtocolStandardized JSON query/response

RESTful web services over HTTP 

Automatic inter-registry redirection

Authorization at attribute level

Internationalization using UTF-8

RDAP Deployed in production 2015

Solves a number of limitations to WHOIS protocol

www.apnic.net/rdap

10

RPKI

“Ready to ROA” campaign – hands-on sessions to help Members create ROAs

Regional RPKI adoption growing: from 0.8% to 3.44% and rising over last 17 months

www.apnic.net/roa

ROA stats (to date)

Enabled ROA engine count 609

Numbers of ROAs created 409

Number of IPv4 addresses under ROAs (/32s)

7,508,736

Number of IPv6 addresses under ROAs (/56s)

1,998,555,200

% allocated space under ROAs (IPv4)

0.87

% allocated space under ROAs (IPv6)

0.24

11

Motivation behind RPKI (ROAs)• Prevent route hijacking

– Only the rightful custodian can originate the prefix announcement

• Minimize common routing errors– Human errors

12

Member RPKI query“Hi,This is w.r.t my registration on BGPMon for RPKI-ROA status for securing BGP &to avoid BGP Hijack. Based on the registration. I received the below alerts.Please guide for the same since I want to secure my ASN & prefixes. “

====================================================================RPKI Validation Failed (Code: 9)====================================================================Your prefix: xxxxxxxxxxxxxxxxx: Prefix Description: xxxxxxxxxxxxxxxxx Update time: 2014-10-15 09:41 (UTC)Detected by #peers: 4Detected prefix: xxxxxxxxxxxxxxxxxAnnounced by: xxxxxxxxxxxxxxxxxUpstream AS: xxxxxxxxxxxxxxxxxASpath: xxxxxxxxxxxxxxxxx Alert details:https://portal.bgpmon.net/alerts.php?details&alert_id=47198623Mark as false alert: https://portal.bgpmon.net/fp.php?aid=47198623RPKI Status: No ROA found

13

RPKI ready?

14

Route and ROA managementMembers can create ROAs while creating route objects

15

Route and ROA management

16

ROAs in South AsiaCountry IPv4 prefixes covered IPv4 prefixes valid

Afghanistan 0% 0%Bangladesh 25.11% 24.05%Bhutan 86.67% 86.67%India 0.04% 0.03%Maldives 0% 0%Nepal 55.3% 18.28%Pakistan 12.17% 12.14%Sri Lanka 50.18% 40.57%

source : https://lirportal.ripe.net/certification/content/static/statistics/world-roas.htmldate : 18 July 2016

17

Nepal

http://rpki.apnictraining.net/output/np.html

Total ASNs delegated by RIR: 57Visible IPv4 routes: 443Visible IPv6 routes: 12

18

Nepal• Most Invalid ROA are for:

– Route Prefix length is greater than the maximum length allowed by VRP(s) matching this route origin ASN

• Invalid ROA originating ASN are– AS23752

19

RPKI data violation example

20

MyAPNIC Improvements

Improving major features of MyAPNIC

Authorized contact management

Whois records management

Reverse DNS management

Route and ROA management

MyAPNIC speed improvement – 24% faster response time

Simplified whois updates

21

Whois Accuracy Project

Simplifying contact update process

Assisting with IRT registration process

Clearer information about PoC in IP address object

Guidelines on using and updating

information in whois

Monthly cleanup program on

referenced objects (12 months+)

Easily report invalid contacts

Improving database and

information accuracy to

provide better user experience

22

Website Improvements

Navigation and usability improvements to home page and services pages

23

2015 Policy Implementations

Proposals approved at APNIC 40 Policy SIG

prop-113: Modification in the IPv4 eligibility criteria

prop-114: Modification in the ASN eligibility criteria

www.apnic.net/policy

24

The APNIC Development ProgramSupports the growth of

the Asia Pacific community by

providing:

• Training and technical assistance

• Infrastructure support

• Grants and awards• Research

25

APNIC Training2016(to date)

• 30 F2F courses held in 15 locations

• 915 F2F trainees

• 529 trainees in 69 eLearning sessions

• Video archives: 101 videos; 389,060 views

26

NOG Outreach

BTNOG 1 SANOG 24

MMNOG

SGNOG 2015

MMNOG 2015

www.apnic.net/nog

2016: JANOG (Jan), PHNOG (Jan), SANOG (Jan), bdNOG (Apr), TWNOG (Jun)

… and many more to come!

• Technical and APNIC updates

• Hostmaster consultations

• Training sessions

• Sponsorship and logistical support

bdNOG 5

27

Security Outreach

Craig Ng

NOGs, CSIRTS and LEA events

PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, LK, MV, TW

Collaboration with JICA and KISA to deliver regional

CERT training

Geoff Huston member of ICANN SSAC

Adli Wahid member of FIRST Board; invited to join INTERPOL Global

Cybercrime Expert Group

www.apnic.net/security

Adli Wahid

28

ITU/APNIC IPv6 workshop

ITU/APNIC IPv6 workshop

IPv6 Outreach

APNIC/ITU IPv6 Workshop, Bangkok

2016 (to date)

• 232 trainees in 6 economies

• IPv6 presentations at 7 events

• IPv6 workshop with ITU in TH & KH

• Supporting APIPv6TF Secretariat

www.apnic.net/ipv6

29

The APNIC Foundation

Established in Hong Kong to support and expand the APNIC

Development Program

30

Next APNIC Conference

conference.apnic.net/42

Colombo, Sri LankaWorkshop: 28 Sep to 2 OctConference: 3 to 5 Oct

31

Later Conferences• APRICOT 2017, Ho Chi Minh City, Vietnam

– 20 February to 2 March 2017

• APNIC 44, Taichung, Taiwan– 7 to 14 September 2017

32

Stay in Touch!

blog.apnic.net

apnic.net/social

33

THANK YOU