![Page 1: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/1.jpg)
Zen Ng
5th November 2019
JBIX Peering Forum
Your IP
Your Network
![Page 2: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/2.jpg)
Asia Pacific Network Information Centre
2
A global, open,
stable and secure
Internet that serves
the entire Asia
Pacific community
![Page 3: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/3.jpg)
Where is the APNIC Region?
![Page 4: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/4.jpg)
APNIC region
We serve 56
economies and
7000+ Members
![Page 5: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/5.jpg)
Where do IP addresses come from?
5
LIR
End
user
Eg :
![Page 6: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/6.jpg)
Membership
6
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
20000
1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Members NIR Members Projection
As at 31 July
![Page 7: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/7.jpg)
IPv4 delegations
7
0
500
1000
1500
2000
2500
3000
3500
4000
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
East Asia Oceania South East Asia South Asia Projection
As at 31 July
![Page 8: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/8.jpg)
Who are our Members?
![Page 9: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/9.jpg)
Available IPv4 /8s in Each RIR
September, 2019
9
![Page 10: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/10.jpg)
10
How to submit your application to APNIC?
![Page 11: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/11.jpg)
www.apnic.net/apply
11
![Page 12: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/12.jpg)
Why apply for your own IP address?
Choose your peering and upstream providers
as your IP addresses are portable
Reduce the overhead of renumbering your network
Get MyAPNIC access to manage your Internet
resource and secure routing
Up to four free APNIC conference registration
12
![Page 13: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/13.jpg)
13
What’s next?
APNIC Routing Registry and ROAs
![Page 14: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/14.jpg)
APNIC database and the Internet Routing
Registry (IRR)
• APNIC Whois Database
– Two databases in one
• Public network management database
– Whois information about networks and contacts (IP addresses, ASNs
and so forth)
• Routing Registry (RR)
– Contains routing information (routes, filters, peers and so forth)
– APNIC RR is part of the global IRR
![Page 15: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/15.jpg)
APNIC RR NRTM agreements
APNIC RR
RADB JPIRR NTT
CNNIC AFRINIC IDNIC
![Page 16: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/16.jpg)
Routing Registry objects
16
route
route6 as-set
route-set
rtr-set
peering-set
filter-set
aut-num
![Page 17: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/17.jpg)
route and route6 object
17
Represents a single IPv4/IPv6 route injected into the Internet routing mesh.
route6: 2001:df2:ee01::/48
descr: Prefix for APNICTRAINING LAB DC
origin: AS45192
mnt-by: MAINT-AU-APNICTRAINING
last-modified: 2016-06-23T14:32:38Z
source: APNIC
route: 202.125.97.0/24
descr: Prefix for APNICTRAINING LAB DC
origin: AS45192
mnt-by: MAINT-AU-APNICTRAINING
country: AU
last-modified: 2016-06-16T23:23:17Z
source: APNIC
![Page 18: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/18.jpg)
aut-num object
18
Contains details of the registered
holder of an Autonomous System
number and their routing policy for
that AS.
aut-num: AS24021
as-name: APNICRANDNET-TUI-AU
descr: TUI experiment
country: AU
import: from AS1221
action pref=100;
accept ANY
import: from AS109
action pref=100;
accept ANY
export: to AS1221
announce AS24021
export: to AS109
announce AS24021
default: to AS1221
action pref=10;
networks ANY
![Page 19: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/19.jpg)
as-set object
19
A group of Autonomous Systems with the same routing policies.
as-set: AS17821:AS-APNICTRAINING-ISP
descr: AS-SET for APNIC Training ISP
tech-c: AT480-AP
admin-c: AT480-AP
mnt-by: MAINT-AU-APNICTRAINING
members: AS131107, AS45192, AS135541, AS135540, AS135533
members: AS135534, AS135535, AS135536, AS135537, AS135538
last-modified: 2018-12-28T02:41:05Z
source: APNIC
![Page 20: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/20.jpg)
RPKI: ROA
• ROA (Route Origin Authorization) is a digitally signed,
cryptographic object which is generated by the Resource
Certification service.
• What’s contained in a ROA?
– The AS number you have authorized
– The prefix that is being originated from it
– The most specific prefix (maximum length) that the AS may
announce
![Page 21: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/21.jpg)
Resource Certification
21
Measure 1/1/2018 Current Growth
Members with certs 13.0% 14.4% 1.4%
Members with ROAs 7.4% 9.0% 1.6%
IPv4 under ROAs 3.3% 5.0% 1.7%
IPv6 under ROAs 0.9% 5.85% 4.95%
apnic.net/rpki
![Page 22: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/22.jpg)
ROA adoption in SEA
22
Country
ROA Adoption Rate (%)
Philippines 84.12%
Laos 69.14%
Myanmar 56.95%
Thailand 51.47%
Cambodia 40.32%
Vietnam 9.36%
Indonesia 6.57%
![Page 23: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/23.jpg)
How is Malaysia doing?
23
https://lirportal.ripe.net/certification/content/static/statistics/world-roas.html
![Page 24: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/24.jpg)
Take control of your routing security
24
![Page 25: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/25.jpg)
RPKI Status – Global
Valid 10.05%
Invalid 0.79%
https://rpki-monitor.antd.nist.gov
![Page 26: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/26.jpg)
RPKI Status – APNIC Region
Valid 5.10%
Invalid 0.94%
• Provide tools in MyAPNIC to
ensure your ROA are up to date?
https://rpki-monitor.antd.nist.gov
![Page 27: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/27.jpg)
Next conference
27
APRICOT 2020
Melbourne, Australia
12 to 21 February 2020
![Page 28: Your IP Your Networkpf.jbix.my/wp-content/uploads/2019/11/Zen-Your-IP-Your-Network.pdfRPKI: ROA •ROA (Route Origin Authorization) is a digitally signed, cryptographic object which](https://reader036.vdocuments.us/reader036/viewer/2022071216/6048bfae50e0d168bc7a18ac/html5/thumbnails/28.jpg)
28