Deploy360 19 February 2016

PhNOG: Thriller in Manila

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

PhNOG 2016Kevin Meynell and Jane Coffin from ISOC participated in the PhNOG Conference 2016 which was held on the 25th of January 2016 in Manila, The Philippines. This was organised by the Department of Science and Technology – Advanced Science and Technology Institute (DOST-ASTI), in partnership with the Philippine Network Operators’ Group (PhNOG) and the Trans-Eurasia Information Network Network Cooperation Center (TEIN*CC) with sponsorship provided by the Internet Society, APNIC, NSRC and others.

The event featured some interesting topics with a mixture of international and local speakers that attracted over 100 attendees. Credit must go to the Programme Committee for putting together such a good programme. The presentations have unfortunately not yet been made publicly available, but we believe they will be published soon and will let you know when they are.

Jane gave a presentation on the Management and Sustainability of IXPs with particular reference to the Philippines Open Internet Exchange (PHOpenIX). Kevin followed this up by providing an overview of Deploy360 and its resources on IPv6, DNSSEC, TLS and secure routing, as well as ISOC’s work in encouraging the development of Best Current Operational Practices (BCOPs) in the different regions around the world. He also introduced MANRS which aims to build a community of security minded operators promoting collaborative responsibility through filtering, anti-spoofing, coordination and global validation actions which elicited some interest from the audience.

It’s worth highlighting a couple of other presentations though. George Michaelson provided another excellent presentation, this time on the state of RPKI. As some may know, RPKI is an exercise in being able to validate that Internet number resources (IP addresses and AS numbers) are held by a particular Local Internet Registry (LIR), with the longer-term goal being secure BGP. George gave some very good examples of how absurdly easy it currently is for bad guys to fake authority in order to hijack or otherwise persuade others to route fake prefixes, and there were at least 2,000 known cases of this happening globally.

APNIC has developed a prototype tool to see which IP address ranges in each country/economy in the Asia-Pacific region are protected by a Route Origin Authorisation (ROA). ROAs attest that particular AS numbers are authorised to originate particular IP prefixes (i.e. specific ranges of IP addresses), and are cryptographically signed by the holders of these resources using RPKI certificates issued by Regional Internet Registries (RIRs) such as APNIC.

The Philippines actually has quite an impressive number of ROAs in comparison to many other countries/economies, although this still constitutes less than 5% of all prefixes. There needs to be a lot more signed prefixes in order to gain critical mass in being able to undertake reliable checks on who controls the number resources.

Another interesting presentation was from Kam-Sze Yeung on Akamai’s State of the Internet report for 2015. We have previously reported on this, but as a major content delivery network provider, Akamai is able to collate substantial amounts of data on many metrics including connection speeds, network availability, traffic patterns, and IPv6 adoption. Unfortunately, the Philippines does not feature particularly highly on many of the rankings which is no surprise to the local network operators, although is by no means bottom of the league in this respect.

All-in-all it was a useful and informative event to have attended, as well as having the opportunity to make contact with and engage with an active community of network operators. Following the PhNOG event, the ISOC staff also attended the co-located APAN 41 meeting.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...