apnic update, npnog 0.5
TRANSCRIPT
1
APNIC UpdateSunny ChendiNPIX AGM 2016 – NPNOG v0.506 August 2016
2
APNIC’s Vision
A global, open, stable and secure Internet that serves the entire Asia
Pacific community
3
APNIC Activities
Serving
Cooperating
Supporting
4
Annual IPv6 Delegations
By delegation type
>=/31/32/43-/47/48
By size By request typeAs at 30 June
AllocationAssignment
One-clickNormal
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160
200
400
600
800
1000
5
Annual IPv4 Delegations
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160
1000
2000
3000
4000
5000
From 103 poolFrom recov-ered pool
/24/23/22
NIRNewExisting
By pool By size By MemberAs at 30 June
6
Annual ASN Assignments
2-byte
4-byte
By type
Rejected
Accepted
4-byte return rateAs at 30 June
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160
200
400
600
800
10004-byte
2-byte
7
Annual IPv4 Transfers
UsedDid not use
Using listing service
UsedRemaining
Pre-approval usageAs at 30 June
2010 2011 2012 2013 2014 2015 20160
50
100
150
200Intra-RIR
Inter-RIR
8
APNIC Membership
1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 20160
1000
2000
3000
4000
5000
6000
XLVLLMSVSAS
As at 30 June
9
Registration Data Access ProtocolStandardized JSON query/response
RESTful web services over HTTP
Automatic inter-registry redirection
Authorization at attribute level
Internationalization using UTF-8
RDAP Deployed in production 2015
Solves a number of limitations to WHOIS protocol
www.apnic.net/rdap
10
RPKI
“Ready to ROA” campaign – hands-on sessions to help Members create ROAs
Regional RPKI adoption growing: from 0.8% to 3.44% and rising over last 17 months
www.apnic.net/roa
ROA stats (to date)
Enabled ROA engine count 609
Numbers of ROAs created 409
Number of IPv4 addresses under ROAs (/32s)
7,508,736
Number of IPv6 addresses under ROAs (/56s)
1,998,555,200
% allocated space under ROAs (IPv4)
0.87
% allocated space under ROAs (IPv6)
0.24
11
Motivation behind RPKI (ROAs)• Prevent route hijacking
– Only the rightful custodian can originate the prefix announcement
• Minimize common routing errors– Human errors
12
Member RPKI query“Hi,This is w.r.t my registration on BGPMon for RPKI-ROA status for securing BGP &to avoid BGP Hijack. Based on the registration. I received the below alerts.Please guide for the same since I want to secure my ASN & prefixes. “
====================================================================RPKI Validation Failed (Code: 9)====================================================================Your prefix: xxxxxxxxxxxxxxxxx: Prefix Description: xxxxxxxxxxxxxxxxx Update time: 2014-10-15 09:41 (UTC)Detected by #peers: 4Detected prefix: xxxxxxxxxxxxxxxxxAnnounced by: xxxxxxxxxxxxxxxxxUpstream AS: xxxxxxxxxxxxxxxxxASpath: xxxxxxxxxxxxxxxxx Alert details:https://portal.bgpmon.net/alerts.php?details&alert_id=47198623Mark as false alert: https://portal.bgpmon.net/fp.php?aid=47198623RPKI Status: No ROA found
13
RPKI ready?
14
Route and ROA managementMembers can create ROAs while creating route objects
15
Route and ROA management
16
ROAs in South AsiaCountry IPv4 prefixes covered IPv4 prefixes valid
Afghanistan 0% 0%Bangladesh 25.11% 24.05%Bhutan 86.67% 86.67%India 0.04% 0.03%Maldives 0% 0%Nepal 55.3% 18.28%Pakistan 12.17% 12.14%Sri Lanka 50.18% 40.57%
source : https://lirportal.ripe.net/certification/content/static/statistics/world-roas.htmldate : 18 July 2016
17
Nepal
http://rpki.apnictraining.net/output/np.html
Total ASNs delegated by RIR: 57Visible IPv4 routes: 443Visible IPv6 routes: 12
18
Nepal• Most Invalid ROA are for:
– Route Prefix length is greater than the maximum length allowed by VRP(s) matching this route origin ASN
• Invalid ROA originating ASN are– AS23752
19
RPKI data violation example
20
MyAPNIC Improvements
Improving major features of MyAPNIC
Authorized contact management
Whois records management
Reverse DNS management
Route and ROA management
MyAPNIC speed improvement – 24% faster response time
Simplified whois updates
21
Whois Accuracy Project
Simplifying contact update process
Assisting with IRT registration process
Clearer information about PoC in IP address object
Guidelines on using and updating
information in whois
Monthly cleanup program on
referenced objects (12 months+)
Easily report invalid contacts
Improving database and
information accuracy to
provide better user experience
22
Website Improvements
Navigation and usability improvements to home page and services pages
23
2015 Policy Implementations
Proposals approved at APNIC 40 Policy SIG
prop-113: Modification in the IPv4 eligibility criteria
prop-114: Modification in the ASN eligibility criteria
www.apnic.net/policy
24
The APNIC Development ProgramSupports the growth of
the Asia Pacific community by
providing:
• Training and technical assistance
• Infrastructure support
• Grants and awards• Research
25
APNIC Training2016(to date)
• 30 F2F courses held in 15 locations
• 915 F2F trainees
• 529 trainees in 69 eLearning sessions
• Video archives: 101 videos; 389,060 views
26
NOG Outreach
BTNOG 1 SANOG 24
MMNOG
SGNOG 2015
MMNOG 2015
www.apnic.net/nog
2016: JANOG (Jan), PHNOG (Jan), SANOG (Jan), bdNOG (Apr), TWNOG (Jun)
… and many more to come!
• Technical and APNIC updates
• Hostmaster consultations
• Training sessions
• Sponsorship and logistical support
bdNOG 5
27
Security Outreach
Craig Ng
NOGs, CSIRTS and LEA events
PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, LK, MV, TW
Collaboration with JICA and KISA to deliver regional
CERT training
Geoff Huston member of ICANN SSAC
Adli Wahid member of FIRST Board; invited to join INTERPOL Global
Cybercrime Expert Group
www.apnic.net/security
Adli Wahid
28
ITU/APNIC IPv6 workshop
ITU/APNIC IPv6 workshop
IPv6 Outreach
APNIC/ITU IPv6 Workshop, Bangkok
2016 (to date)
• 232 trainees in 6 economies
• IPv6 presentations at 7 events
• IPv6 workshop with ITU in TH & KH
• Supporting APIPv6TF Secretariat
www.apnic.net/ipv6
29
The APNIC Foundation
Established in Hong Kong to support and expand the APNIC
Development Program
30
Next APNIC Conference
conference.apnic.net/42
Colombo, Sri LankaWorkshop: 28 Sep to 2 OctConference: 3 to 5 Oct
31
Later Conferences• APRICOT 2017, Ho Chi Minh City, Vietnam
– 20 February to 2 March 2017
• APNIC 44, Taichung, Taiwan– 7 to 14 September 2017
32
Stay in Touch!
blog.apnic.net
apnic.net/social
33
THANK YOU