Authors: Dr Di Ma, Afifa Abbas, and Aftab Siddiqui.
APNIC Special Interest Groups (SIGs) provide an open public forum to discuss topics of interest to APNIC and the Internet community in the Asia Pacific region. APNIC currently hosts four SIGs that meet twice a year at APNIC conferences. They’re a great way to participate in discussions related to managing Internet numbers, routing security, Internet policy and governance, and get important updates from the National Internet Registries (NIRs) in the region.
What happens at the Routing Security SIG?
The Routing Security SIG is a platform to discuss operational issues and best practices to secure global Internet routing. Network operators share how routing security impacts their operation and changes they’d like to see in routing security. Speakers are drawn from many different parts of the Internet ecosystem, including registries, ISPs, IXPs, CDNs, vendors, and researchers sharing their insights and novel approaches to routing security.
The SIG also works as an advisory and supporting organization to review the technical elements of policy proposals concerning routing security to advise the APNIC community.
Recent Routing Security SIGs
The SIG held its first meeting at APNIC 49 (APRICOT 2020) and has since met a further five times. Recordings and slides from the last two meetings are available here:
The SIG also conducted a survey after the Open Session in October 2021 to gauge responses from the community to implement services by APNIC. Here are the results of that community survey (they were also shared on the SIG mailing list):
- ROA notification — When a route object is created, a system-generated notification is sent to the technical contact of the origin Autonomous System (AS) in the route object. Whereas there is no notification when a Route Origin Authorization (ROA) is created. Should there be an email notification when ROA is created?
- 52.4% said yes there should be a notification.
- 33.3% said yes there should be a notification, but it should be an opt-in feature.
- 9.5% said no as it would create too many notifications.
- 4.8% said they weren’t sure, and that the topic needs more discussion.
- Those who answered yes were then asked if it is appropriate to have a webhook option to connect to receive these notifications through third-party applications such as Slack, Discord, or similar.
- 47.6% said webhooks are much better than emails.
- 28.6% said email notifications are fine.
- 23.8% said they weren’t sure, and that the topic needs more discussion.
- The community was then asked if they support APIs for ROA management, either via MyAPNIC to manage ROAs or self-hosted RPKI (using KRILL, which supports API for ROA management).
- 66.7% said yes.
- 19% said no.
- 14.3% said maybe, and that the topic needs more discussion.
The APNIC services team is expected to present the cost benefits of implementing these features during APNIC 54.
Get involved at APNIC 54
The Routing Security SIG is technical and very relevant to network operators. There is still much work to be done in improving routing security in the APNIC community and this SIG shares best practices and knowledge that can help local communities to overcome the challenges of deploying routing security.
The Routing Security SIG at APNIC 54 will be held on Wednesday 14 September 2022 at the Grand Hyatt Singapore with online participation for remote attendees.
We, the SIG Chairs, invite you to discuss important topics relevant to the operations community and share your ideas to improve routing security in the region and globally. Good ideas come from everywhere!
An election will be held for the position of Routing Security SIG Chair during this conference. If you would like to nominate yourself or somebody else, to serve as a Chair, please do so before the deadline. More details here.
Want to learn more and get involved? Join the Routing Security mailing list.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.