APOPS
Minutes
Wednesday 6 September, Grand Hi-Lai Hotel, Kaohsiung, Taiwan
Meeting commenced: 11:05 am
Chairs: Philip Smith, Hideo Ishii
The Chair introduced the session and explained the agenda, noting the
new APNIC meeting format including the expanded role of APOPS at APNIC
22 to showcase presentations focusing on operational content. He also
encouraged attendees to subscribe to the APOPS mailing list, and noted
that some SIGs would not hold sessions at APNIC 22. He explained,
however, that the SIGs not meeting at APNIC 22 would continue to exist
and meet at future APNIC meetings.
Contents
- Redundant Internet service provision - customer viewpoint
- Building an IP network management system
- About Botnet, and the influence that Botnet gives to broadband ISP
- Impact of SMW4 on Bangladesh
- Local peering situation in Philippines and PHNOG activities
- AS-path analysis: testing claims of Tier 1 status and examining BGP routing anomalies
- IPv6, what works, what doesn't
- Routing certification project update
- Route Origination Authorization (ROA) with IRR
- Current Large ISP Security Practices
- Prevent DoS using IP source address spoofing
- Open discussion on the APOPS new format
Redundant Internet service provision - customer viewpoint
Kae Hsu, Seednet
The speaker shared some of Seednet's experiences in providing network redundancy for customers. The need for redundancy reflects the importance of Internet connectivity to modern business activity, and challenges include expense and increased complexity of operations. Types of redundancy include backup, load-sharing, and multihoming. The speaker explained a range of innovative methods employed by Seednet, including FTTx, xDSL, and wireless.
Questions and discussion
- It was noted that it is often expensive for customers to get redundancy. It was asked whether redundancy would provide an increase in income for companies. The speaker noted that if customers felt that redundancy was important to them, they would be happy to pay for good service.
- It was asked who the main customers for this kind of redundancy were. The speaker noted that there was a range of companies in Taiwan willing to pay for the service.
- It was asked how quickly the redundant services would kick in, in the event of primary connection failure. The speaker discussed an example in which the customer uses BGP in their network to identify any problems, which means that the customer sees practically no outage in the event of failure, though realistically there would be an outage of 10-20 seconds.
- A question was asked about anycast. The speaker felt that it remained a considerable challenge. The Chair noted that anycast was used for root servers, and that this would be a subject of interest to many people.
Action items
Building an IP network management system
Shengyong Ding, China Telecom
The speaker described the China Telecom network, including ChinaNet and CN2, and some of the innovations being made within it. He also noted some of the challenges faced by China Telecom, including centralised control of a traditionally regional business.
Questions and discussion
- It was asked whether China Telecom plans to have a network management system developed internally. The speaker noted that the network management system is currently provided by a third party, but that about a year ago work had begun on developing a system in-house. At this stage, however, it is not advanced enough to be used.
- A question was asked about the cost of the network management system (4 million), and the speaker noted that it was really quite economical.
- It was asked whether China Telecom would be using IPFIX, the IP flow information export standard being developed by the IETF. The speaker noted that they had not yet considered this option.
- It was asked whether China Telecom had deployed multicast, and whether they were managing traffic over multicast. The speaker noted that they plan to implement a management system that will manage multicast.
Action items
About Botnet, and the influence that Botnet gives to broadband ISP
Masaru Akai, BB Technology
The speaker discussed Botnet, a collection of autonomous software robots which attack systems on the network, and the strategies being implemented to counter this problem. He also noted the implications of this for other countries whose broadband networks are currently growing.
Questions and discussion
- It was asked why Type A records are described as "spammers or infected". The speaker noted that this referred to the MX records.
- It was commented that many spammers are using Yahoo! BB.
- It was asked what advice the speaker would have for setting up security groups within their countries, and noted that many people think it's not their problem. The speaker noted that the Japanese community had also been slow to recognise this issue. The Chair suggested that the Japanese community could publicise this issue around the region.
- A question was asked regarding how many people in the audience were involved in security management solutions etc. in the Botnet space. The questioner noted that there are many people already involved in "Bot-chasing", but noted that there is not enough discussion across the region.
- It was noted that in Japan this information is shared using a confidential mailing list, but that this information is very important to each ISP, and this must be considered.
- It was asked what percentage of traffic Botnet is responsible for. The speaker did not have this information; however, it was noted that for the most part it is a fairly low percentage, though DoS attacks create spikes in the amount of traffic.
- An audience member noted that his company received a lot of emails complaining of spam from their space, but that Bots would be responsible for a lot of this, and asked what the ISPs could do about this. It was noted that this raises difficult issues regarding jurisdiction.
- Regarding the amount of traffic created by Botnet, it was noted that often you simply see the effect, and not the cause, i.e., how much of the traffic has Bots as its root cause?
- It was noted that there are statistics available at spamhaus.org.
Action items
Impact of SMW4 on Bangladesh
Sumon Ahmed Sabir, BDCOM
The speaker discussed the impact of the SEAMEWE-4 submarine cable on the Bangladesh Internet industry. Primarily, this has meant major growth in the local industry.
Questions and discussion
- There was a question about why ISPs abandoned the BDIX, particularly as membership is free, as opposed to BTTB. It was noted that there is a limitation in the number of routers, which meant that smaller operations moved their single router to BTTB.
Action items
Local peering situation in Philippines and PHNOG activities
Amante Alvaran, APNIC
The speaker discussed the industry situation in the Philippines, particularly with regard to local peering. He noted that there are significant political issues which have hindered local peering between local providers, but that the goal is to have a common exchange point. He also discussed the PHv46X project, an initiative of PHNOG and ASTI/DOST.
Questions and discussion
- A question was asked regarding the political issues preventing people from interconnecting, and what the response has been from telcos to the proposed neutral IX. The speaker noted that there has been a good response from both the telcos and the civil bodies. The speaker also noted that the PHNOG members were particularly keen for this to proceed.
Action items
AS-path analysis: testing claims of Tier 1 status and examining BGP routing anomalies
Gaurab Raj Upadhaya, NPIX
The speaker discussed work that he has been doing on AS path analysis. The starting point for this work was the claims of "tier-1" Autonomous Systems that they do not receive transit from any other ASes. This means that no more than two ASes within a specific AS path can make claims to be "tier-1". An examination of global data brings to light a number of anomalies in this formulation.
Questions and discussion
- The Chair suggested a possible solution to the speaker's example involving Tiscali.
- The speaker encouraged providers in the AP region to provide information that might be of assistance to the project.
Action items
IPv6, what works, what doesn't
Merike Kaeo, Double Shot Security
The speaker discussed some of her experiences in building a dual stack network for Boeing. The presentation examined some of the issues that were encountered during the project, and some of the solutions that people around the world are currently implementing.
Questions and discussion
Action items
Routing certification project update
Geoff Huston, APNIC
The speaker delivered an update on the progress of the routing certification trial currently going on within APNIC. The presentation included a brief background on resource certification and the need for it, and specific details of the APNIC trial, using X.509 Public Key Certificates and OpenSSL.
Questions and discussion
Action items
Route Origination Authorization (ROA) with IRR
Taji Kimura, JPNIC
The speaker discussed two ideas for the management of logics of resource certificates: the use of the IRR for "handy certificates", and an external ROA for ISPs for simplified deployment.
Questions and discussion
- There was a comment that many of the ideas presented reflected the ideas of the design team within APNIC and the other RIRs.
- There was a question on how the currency of the IRR information would be maintained. It was also noted that many IRRs have similar, but conflicting data, and it was asked how this might be resolved. The speaker noted two ways that route operators could be motivated to clean the data within the IRR.
Action items
Current Large ISP Security Practices
Merike Kaeo, Double Shot Security
The speaker discussed some of the findings of a survey of security practices of ISPs. Of particular concern are the level of understanding about the importance of security, the security policies that are in place, and ISP response capabilities.
Questions and discussion
- There was a comment on "security pantomime" vs "real security", and whether the need to be seen to be doing something is actually getting to the root of the problem. It was noted that the main problem may be that infrastructure cannot distinguish between good packets and bad packets. The speaker noted that the problem means that ISPs end up being "police", while the responsibility should really lie with the end systems, and noted that the best you can do is ensure that your networks are as secure as possible.
Action items
Prevent DoS using IP source address spoofing
Yoshinobu Matsuzaki, IIJ
This presentation looked at Denial of Service attacks using IP spoofing (IP packets with source addresses other than those assigned to that host). The speaker looked at the various ways in which spoofing can be used to mount a DoS attack, and how these attacks can be prevented.
Questions and discussion
- There was a question regarding uRPF, noting that it may not be a solution to the problems caused by address spoofing.
- There was a comment on DNS reflection attacks, noting that any UDP-based service could be used as a reflector, and that there was no solution other than ingress filtering.
Action items
Open discussion on the APOPS new format
- There was considerable support for the new format from those in the room.
- It was noted that the content of the meeting had been of a very high standard, and that this was perhaps related to the various SIG Chairs working together as a program committee for APOPS.
- There was considerable support for the single stream format of the meeting program.
- It was noted that the new format allowed for a wide range of discussion topics.
- It was noted that the SIGs have not ceased to exist, and at the coming APRICOT meeting they will have their own meetings as part of the APRICOT program.
Open action items
Meeting closed: 5:40 pm
Minuted by: Chris Buckridge