Senior Internet Resource Analyst, Elly Tawhai, presents on IXPs and cybersecurity at the PITA 22 AGM in Guam from 23 to 27 April 2018.

1. Issue Date:
Revision:
Addressing interconnection
and security in the Pacific
Elly Tawhai
Senior Internet Resource Analyst/Liaison Officer, Pacific

2. Agenda
• About IXPs
• Value of local IXP
• IXP and regulators
• Successful IXP deployment
• Support by APNIC
• Cyber security
2

3. High Level View of the Global Internet
3
IXPR4
Global Providers
Regional
Provider 1
Access
Provider 1
Customer Networks
Access
Provider 2
Regional
Provider 2
Content
Provider
1
Content
Provider
2

4. Categorizing ISPs
4
Tier 1 ISP
Tier 1 ISP Tier 1 ISP
Tier 1 ISP
$
$
$
$
$
$
$
$
$
$
$
$
$
$
$
Tier 2 ISP
IXP
Tier 3 ISP
Tier 2 ISP Tier 2 ISP
Tier 2 ISP
IXP
Tier 3 ISP
Tier 3 ISP Tier 3 ISP
Tier 3 ISP
Tier 3 ISP
The Value of Peering: ISP/IXP Workshop by Philip Smith

5. Value of local IXP
5
• Main objective is to keep local traffic local
• Helps bypass third-party network infrastructure for direct
traffic exchange
– Reduce cost
– Enhance network performance
– Reduce latency
– Removal of bandwidth constraints between participating ISPs

6. Peering and Transit example
provider A
provider C
provider B
Backbone
Provider D
A and B peer for free, but need transit
arrangements with D to get packets to/from C
IXP-West
IXP-East
6

7. Public Interconnect
7
• Location or facility where several ISPs are present and
connect to each other over a shared common media
– Usually a peering arrangement between their networks
– Save money, improve performance, reduce latency
The Value of Peering: ISP/IXP Workshop by Philip Smith

8. Peering Models
• BLPA (Bi-Lateral Peering Agreement)
– IX will only provide layer two connection/switch port to ISPs
– Each ISP will make necessary peering arrangement with others by
mutual business understanding
• MLPA (Multi-Lateral Peering Agreement)
– IX will provide layer two connection/switch port to ISPs
– Each ISP will peer with a route server on the IX
– Route server will collect and distribute directly connected routes to peers
• Mandatory MLPA
– Operators are forced to peer with each other as condition of IXP
membership
– Strongly discouraged: Has no record of success
8
The Value of Peering: ISP/IXP Workshop by Philip Smith

9. IXP Operating Cost
• Server Room / Data Center
• Rack Space & Equipment Power (with backup)
• Cooling
• CCTV Camera and other physical security measures
• Fiber access
• Administration and Technical support
9

10. IXP Operating Model
• Not for profit
• Cost sharing
• Membership based
• Neutrality is the most important, even at the beginning
• Expansion can be done gradually, together with the growth
10

11. Important Features of IXP Site
• Proximity to potential members/participants networks
• Availability of electric power, backup supply or generator
• Availability of cooling
• Options, availability, capacity and reliability of
telecommunication links – carrier neutral
• Access to Fiber facilities or rights of way
11

12. Important Features of IXP Site
• Ability to build antenna towers or dig trenches for fiber
• Ease of access (RFID Based for physical security)
• 24 X 7 X 365 access for IXP authorized member staff
• Quality of physical security. CCTV, 24 hour monitoring
• Availability of additional rack space for growth
12

13. Who can join an IXP?
• Any organisation which operates their own autonomous
network, as well as:
– Address space
– AS number
– Transit arrangements
• Includes:
– Commercial ISPs
– Academic & Research networks
– Internet infrastructure operators (eg Root/ccTLDs)
– Content providers
– Broadcasters and media
– Government Information networks
13
202.178.112.1
2401:3E00:DD::1
AS52378
.... .. .
.... .. .
Local content

14. IXP and regulators
• When the domestic IP network environment has been
developed and is competitive
– Regulator keeps a neutral stance toward peering
• When the domestic IP network is under developed and/or
there is little competition
– Regulator encourages coordination and cooperation among ISPs
– Regulator may intervene and/or encourage peering
14

15. APNIC supports IXPs
• APNIC supports IXP development in the region by
collaborating with other organizations (ICANN, ISOC, and
NSRC)
• APNIC supports IXP activities, for example APIX meetings,
at APRICOT and APNIC meetings
• Join us at APNIC 46!
15
https://conference.apnic.net/46/

16. Successful IXP deployment
16
• Vanuatu IXP – VIX
– The initiative dates to 2012, when five ISPs formed an MoU (Telsat,
Digicel, Can’L, SPMI and Vanuatu Government)
– VIX went live in Feb 2014
– Invited APNIC February 2018 to hold IXP workshop
• PNG IX
– Initial initiative taken by NICTA in 2014 to setup IXP
– Invited APNIC January 2017 to help setup the IXP
– PNG neutral IXP launch May 2017
• Fiji-IXP
– TAF facilitated discussions
– APNIC held IXP workshop in November 2017
– Launch in December 2017

17. Capacity Building in the Pacific –
Cyber Security
• Many economies are building or strengthening their cyber
security initiatives
• Many areas:
o Governance – Strategy
o Awareness - for end-users & organisations
o Incident Handing & Response
• APNIC plans to increase support for capacity development
in the region
o Empowering resources to support those local initiatives (i.e. setting
up CSIRT)
o Working with partners including APCERT members, FIRST.org
17

18. APNIC Incident Response Technical
Training
• CERTs are an enabler and only one part of the security
ecosystem
• CERT core functions are incident response, coordination,
information sharing
• Incident response is multistakeholder, security requires
community support
• Start small with quick wins and low upstart costs
• Commit and invest long term, growing capacity as
demand/capability grow
• Leverage regional events and partners
18

19. Pacific CERT actitvies
19
• Tonga CERT
– High-level multistakeholder CERT meeting in May 2016
– APNIC workshop
– Launch of CERT Tonga in July 2016
• PNG CERT
– Initial CERT discussion with NICTA in May 2017
– APNIC workshop
– Launch of PNG CERT in February 2018
• Working with Samoa, Vanuatu and Fiji
– To help build incident response capacity

20. Pacific CERT actitvies
20
• Tonga CERT
– High-level multistakeholder CERT meeting in May 2016
– APNIC workshop
– Launch of CERT Tonga in July 2016
• PNG CERT
– Initial CERT discussion with NICTA in May 2017
– APNIC workshop
– Launch of PNG CERT in February 2018
• Working with Samoa, Vanuatu and Fiji
– To help build incident response capacity

21. Questions?
Elly Tawhai
elly@apnic.net