APNIC

APNIC 56 is happening next month in Kyoto, Japan. This would be my third-time travel to Japan and besides meeting network operators around the region at the event, I will be doing a one-day tutorial on Network automation with Christoff Visser from IIJ research labs and Abdul Awal from APNIC. The agenda is similar to (though a subset) of network automation workshops I have done over the last few months across different events. Tutorial typically is a “view only” event where the audience would be presented with content in the form of slides, live terminal demo etc. It does not involve a hands-on workshop for the attendees as one day time won’t support that.

Next month will be APRICOT 2023 which is exciting. The last in-person event of such kind was in Feb 2020 in Melbourne. Later APRICOT 2021 & 2022 were completely online (similar to other NOGs). This year’s APRICOT will be in Manila, Philippines. On the agenda will be meetings with network operators, CDNs and internet exchanges in the region. Along with that, I will be doing a 5-day long workshop on “Network Automation for Network Engineers”. This will be a step-upgrade from the last one I did at SANOG 38. One day extra gives me the option to add a CRUD-based app besides REST APIs. Plus I think 5 days will be the longest ever I have ever done in past.

Yesterday there was an article in the Indian paper Financial Express with the title “OTTs may have to pay access charge to telcos”.

Quoting a few points from the article:

• Social media intermediaries like WhatsApp, Facebook and Twitter, and over-the-top (OTT) players like Netflix, Prime Video and Disney+Hotstar may have to pay a carriage charge to telecom service providers
• Data, particularly video, comprises 70% of the overall traffic flow on telecom networks, and this would grow further with the rollout of 5G services
• Upon reference from the DoT, Trai is currently studying various possible models under which OTTs can be brought within the purview of some form of regulation
• According to sources, an interconnect regime is a must between OTTs and telcos because as 5G services grow, there would be immense data/ video load on networks, which may lead to them getting clogged or even crashing at times.

This concept of “OTTs must pay” is not new. This has been argued a few times in past. Exactly ten years ago in 2012 I wrote a blog post about Bharti Airtel expecting Google/YouTube to pay. At that time they could not convince OTTs to pay. Why is this renewed interest now? Well, that has to do with the first SK Telecom (South Kore telecom) Vs Netflix court case in South Korea where SK Telecom claimed that a large part of bandwidth utilization was because of Netflix and hence they should pay a “fair share” of their traffic which they lost. Soon around this multiple of large telecom monopolies in Europe started this discussion in their respective geography. Four of the top EU players - Deutsche Telekom, Orange, Vodafone and Telefonica are of opinion that OTTs should share the burden (news here). And hence Indian telcos possibly looking to renew this debate.

Upcoming presentations

Next week will be APNIC 54 conference followed by SGNOG 9 (Singapore Network Operators Group) event. I will be attending both events. At APNIC 54 I will be doing a short tutorial on “Running Containers in Production” with CI/CD pipelines with a focus on its utility in network engineering and also a panel discussion on “World IPv6 2022 - the story behind the events”. This should be fun!

So based on my friend - Abdul Awal’s tweet, I started looking at the latest RPKI ROA data for India. His Tweet came when I was in the middle of moving my blog from WordPress running over LXC containers to now WordPress over docker with Bitnami image. Bit of optimisation is still pending.

My routing security project with @nsrcworld & @mozilla started in Oct-19 to improve #RPKI deployment in South Asia+Myanmar. The two graphs show tremendous growth in RPKI and how #INDIA is lagging behind. @anurag_bhatia @RoutingMANRS @routinator3000 @AbuseIp @routingtablepod pic.twitter.com/HAb93XED5C

A friend of mine buzzed me yesterday about his missing route objects. Later multiple other ISPs told the same story which triggered me to put this as a question on INNOG Mailing list. Many folks replied of missing route objects there and it seems to be limited to IRINN members only. I also asked the same question on APNIC mailing list and it was again confirmed about the issue.
Before I proceed further, here’s what it is all about.

While I am spending time on APNIC’s security workshop here at APNIC 46, I got curious about DNSSEC deployment across ccTLDs. 

For those who may be unaware, DNSSEC adds signature the DNS responses making it possible to cryptographically verify a DNS query response. 

Out of 254 ccTLDs, 125 support DNSSEC with a published DS record (at least that is what I get when I check their zone) and 129 do not support it as yet. So, for now, it is at 49.21%. 

Often this comes into the subnetting discussion by my friends who are deploying IPv6 for the first time. How do you calculate subnets outside the 4-bit nibble boundary? This also happens to be one of starting points of APNIC IPv6 routing workshop where I occasionally instruct as community trainer.

So what is a Nibble boundary?

In IPv6 context, it refers to 4 bit and any change in multiple of 4 bits is easy to calculate. Here’s how: Let’s say we have a allocation: 2001:db8::/32. Now taking slices from this pool within 4 bit boundry is quite easy. /36 slices (1 x 4 bits) 2001:db8:0000::/36 2001:db8:1000::/36 2001:db8:2000::/36 and so on… /40 slices (2 x 4 bits) 2001:db8:0000::/40 2001:db8:0100::/40 2001:db8:0200::/40 /44 slices (3 x 4 bits) 2001:db8:0000::/44 2001:db8:0010::/44 2001:db8:0020::/44 /48 slices (4 x 4 bits) 2001:db8:0000::/48 2001:db8:0001::/48 2001:db8:0002::/48 Clearly, it seems much simple and that is one of the reasons we often strongly recommend subnetting within the nibble boundary and not outside for all practical use cases. However understanding why it’s easy this way, as well as things like how to subnet outside nibble boundary for cases, say if you are running a very large network and have a /29 allocation from RIR.

APNIC and RIPE NCC are doing a hackathon at APRICOT 2018. It just started today with some light interaction with various participating members yesterday. The theme of the hackathon is around IPv6. Many cool projects were suggested yesterday and teams started working today on certain shortlisted projects like:

1. A tool for ranking CDNs - A tool based on RIPE Atlas data to rank CDNs based on latency across different regions.
2. An IPv6 fun word game - Where anyone with a member account can suggest a word, and compete with other members who share more IPv6 addresses. It may include things like showcasing creative use of hexadecimal strings in an IPv6 address like Facebook popularly does face:b00c in their IPv6 pools.
3. IPv4 and IPv6 network security  - Study of attacks and overall security in IPv6. It would involve study and possibly a report on various attack vectors in the IPv6 domain.
4. A countrywide report on IPv6 deployment - I have yet to see how it is different from existing other reports.
5. IPv6 tunnel detection - Figuring out where tunnels used and figuring out the IPv4 address of those endpoints via a javascript plugin and possibly comparing IPv4 Vs IPv6 performance.

Let’s see how things go in next 12hrs. Super fun. Things should show up on Github in next few hours. :)

Talking about root DNS server’s anycast at APNIC42. YouTube here.