The COVID-19 pandemic has changed the world, from how we work, to how we interact. Everyone’s lives have been impacted in one way or another. The Internet featured even more prominently in our lives now more than ever. Göran Marby, ICANN President and CEO, will share his top concerns about today’s Internet. How secure and safe is it? Should we build more regulations and policies as the Internet welcomes the next billion Internet users onboard? How can the Internet community continue to do its work when travel and in-person meetings remain to a challenge?

A look at the current efforts to improve aspects of privacy in the DNS and an assessment of their effectiveness. The presentation os not overly optimistic about the prospects for widespread adoption, becuase, as the presentation points out, the economy of DNS name resolution is not all that susceptible to innovation. This is perhaps the biggest barrier to adoption of any of the privacy proposals.

There have been many recent concerns about TCP MD5. Its use of a simple keyed hash for authentication is problematic because there have been escalating attacks on the algorithm itself. TCP MD5 also lacks both key-management and algorithm agility.

In this talk I want to present an often talked about but till now never implemented solution to this issue; The TCP Authentication Option(TCP-AO). Nokia, Cisco and Juniper now have production code available so it is time to start replacing MD5 with TCP-AO to secure BGP and other (long-lived) TCP connections.

A look at the previous year in BGP, looking at the change in the size of the routing table and its dynamic behaviours. The presentation predicts the future growth of the network in the coming years based on this data. It is intended to be a short update.

The presentation focuses on RPKI invalid prefixes in the South Asian region. Over the past one year there have been tremendous improvements in terms of RPKI valid prefixes but the invalid prefixes consistently existed. With some simple diagrams and examples, it has been analyzed to get more concentration of the South Asian network operators.

The presentation intends to create awareness on RPKI and routing security in general.

Recent updates to communications and cybercrime legislation in many countries have meant that an increasing number of network operators are finding themselves having to comply with lawful interception regulations. However, this can be a very expensive and time consuming problem to solve and many network operators in the APNIC region will find that the commercial vendor solutions for lawful intercept are not affordable.

In this talk, I will introduce the OpenLI project, which is an open-source implementation of the ETSI Lawful Intercept standards that are used throughout the world. OpenLI was created in response to a legislative change in New Zealand that required almost all network operators to be capable of producing real-time, ETSI-formatted traffic intercepts on demand. OpenLI has since been adopted by multiple New Zealand ISPs and has been attracting interest from operators in other countries as well. I will also reflect on some of the lessons we have learned along the way and how we hope to keep the project growing in the longer term.

This presentation will continue to describe a CORD (Central Office Re-architected as a Datacenter), an open-source solution for service providers, but with a different part of implementations. Presentation in previous APRICOT 2020 describes solutions for SDN/NFV-based fabrics inside the DC-like CO, called a Trellis. This presentation describes solutions to connect residential users to the CO for delivering broadband Internet access. This solution is called a SEBA, which is a lightweight platform based on a variant of R-CORD. It supports a multitude of virtualized access technologies at the edge of the carrier network, including PON, G.Fast, and eventually DOCSIS and more. SEBA supports both residential access and wireless backhaul and is optimized such that traffic can run a 'fast path' straight through to the backbone without requiring VNF processing on a server. SEBA includes NEM (Network Edge Mediator), which leverages the XOS toolchain to provide mediation to different operators' backend management/OSS systems and FCAPS support to operationalize the platform.

AT&T has deployed live field trials of SEBA in Atlanta and Irving, Texas. The operator is using the platform to provide low-latency home internet access via white-box hardware to 500 homes. The current access network uses FTTC/FTTH with a two-tiered central office architecture that leverages ONF's SEBA. With 8,000 tier 2 central offices serving approximately 30,000 customers, Turk Telekom's two SEBA deployments in Turkey and plans for ongoing commercial site integration of SEBA within TT's network to connect more than 49 million subscribers.

This presentation summarises the development in network infrastructure in 2020, looking at the impacts of COVID-19, Internet bandwidth trends, colocation and on-ramps, IP transit pricing and trends, and concludes with a look at what might be next.

It is very common to make mistake during configuration of BGP, specially while entering ASN for prepend. Just to find out how bad the problem is I looked up the data from MANRS Observatory [source: bgpstream.com] for last 3 years to check any possible hijack event involving ASN from 1 to 10 and any ASN which doesn't look right e.g. AS1111111.

These are mistakes but definitely considered as hijack. In this presentation I will review the data of these year and highlight major incidents.

The Tokyo Olympics are scheduled to take place in 2021. However, it is necessary to prepare for large-scale cyber-attacks that may occur at every Olympics. When cyber attacks are targeted at facilities located in Tokyo and Osaka, ISPs in local areas will not be able to resolve names. The Internet could become logically divided in Japan.

The goal of this project is to enhance the DNS resiliency against logical Internet divide. In this exercise, we have deployed local nodes, so that DNS name resolution can continue even in the event of a DDoS attack on DNS servers in Tokyo and Osaka.

ProjectBASS is a mobile app used to measure internet bandwidth. As covid rampaged over the country, the data we collected proved useful for many other applications.

We not only help telcos/isp monitor their bandwidth, but also Educational, Economic, Health and other sectors as well.

In order to operate networks with large numbers of devices, network operators organize networks into multiple smaller network domains. Each network domain typically runs an IGP which has complete visibility within its own domain, but limited visibility outside of its domain. Seamless Segment Routing (Seamless SR) provides flexible, scalable and reliable end-to-end connectivity for services across independent network domains. Seamless SR accommodates domains using SR, LDP, and RSVP for MPLS label distribution as well as domains running IP without MPLS (IP-Fabric).

Centralized functions reduce the burden of manual data sharing, monitoring, and reporting. The optimized security operations model requires adopting a security framework that makes it easier to integrate security solutions and threat intelligence into the day-to-day process. This talk is all about working with the maturity model, People, Process, and Technology; which is basically based on the project that I have completed last May 2020 for my current organization.

IP Flexalgo allows Intradomain Gateway Protocols (e.g., IS-IS, OSPF) to steer packets along constraint-based paths. Unlike other traffic engineering mechanisms, it does not rely on forwarding plane encapsulation. It can be deployed in the absence of MPLS and IP-in-IP encapsulation. It can also be deployed in the absence of RSVP and Segment Routing.

This talk covers about RPKI ROA push in India with a focus on how we tracked signed prefixes on daily basis and ran an outreach which resulted in a jump from 12% in July 2020 to 42% now. This also covers the working of rpki.anuragbhatia.com on how it tracks countries in Asia for their RPKI ROA status.

Securing your Network using Shadowserver Reports helps organizations learn about this unique public benefit tool.

What if there was a public benefit, free to use, security report that provided you a complete overview of your security risk? What if this tool allowed you to see what the bad guys are seeing on your network? What if this tool highlighted devices that are infected with malware? What if this tool lets you know when your devices are out of security compliance. Wouldn't that be nice if every network had access to this type of reporting?

This daily report exists today! Shadowserver's Daily Network Report is a public benefit tool that provides +80 reports on your network organization. It is a public benefit service funded by the community for the community. This session will walk through how Shadowserver builds these reports, what you receive in your daily updates, and how to effectively use these reports to secure your network. This online class will help each organization to apply to receive these reports. We will close with an example of a mobile operator who used Shadowserver's Daily Network Reports as the only source of threat intelligence to lock down their network.

The Global internet routing table is growing over the years and will cross the 1024k number sometime in 2022 for many operators. The objective of this presentation is to sensitize the operator community to review the state of networks and possible hardware and software limits that they may be ignoring as we approach these special numbers - 1024k and 128k

This presentation briefly goes through the event on August 12th, 2014 when the global internet routing table crossed the 512k limit. There were some incidents and observation on operator networks during the 512k event that are worth considering for future planning.

The presentation refers to some brilliant work, and research done on BGP table growth and prediction by researchers and reports from APNIC. As operator networks reach 1024k v4 prefixes and 128k v6 prefixes on their router tables, the approach suggests a proactive review and preparedness ahead of time. The focus should be on their network hardware estate to identify devices with hardware limits for v4 and v6. There is also definitive need to operator's routing configuration standards including knobs for protocols. Network operating system configuration and features though may look identical across network vendors but their behaviors can have subtle variations that are worth understanding for further actions. An example of maximum prefix limit is considered for explanation. The presentation closes with an earnest submission on need for proactive review and optimization on operator's production networks to sustain network hygiene, security and availability of Internet.

We introduce graph methods used to isolate large volumes of spam into campaigns for malware identification. This novel, but simple and intuitive approaches, reduces the burden of analysis with surprisingly high accuracy. These approaches have led to the discovery of multiple actors, including WordyThief, a Russian criminal that distributes information stealing malware via spam.

This talk explains how Hurricane Electric deployed RPKI ROA validation in its network and reports on the current state of RPKI, the trends in ROA creation, and how RPKI does and does not protect the Internet.

The presentation provides an update about the National Internet Exchange of Afghanistan, traffic levels, as well as the peering landscape and interconnection futures in Afghanistan.

During this presentation I will go through the latest developments and tools that available via the IXPDB. These tools can be used by networks, IXPs and researchers to gain real-time trusted interconnection data provided directly from IXPs.

Data centers are not just about redundancies, resiliency, or continuity. It is also about the ecosystem within. In the absence of an ecosystem, it is a plain and simple real estate and power offering. The creation of value beyond space and power is the heart of the data center and the reason why it thrives.

This presentation examines the thriving datacentre ecosystem in the Philippines.

China's first IXP has been founded recently. We make a brief introduction about how it is to operate an IXP in China and the major challenges we meet from the start. Meanwhile, we would like to introduce the efforts we made to protect routing security at IXP through BGP route collection and detection.

This session is an opportunity for Internet Operators, Internet Exchange Points, and DataCentres hosting Internet Exchange Points to share their coordinates and technical details with the members of the peering community.