In an earlier post, I explained Telekom Malaysia’s (TM) (ASN4788) RPKI journey and goal in detail. To briefly recap, TM was founded in 1984 and has since become Malaysia’s (MY’s) largest provider of various telecommunications services. In recent years, we recognized the importance of RPKI and Route Origin Authorization (ROA) as a preventative measure against security issues.
TM’s journey began by installing RPKI validators in their BGP systems and updating ROAs. The initiative required engagement with higher management and careful planning, including a lab setup to test and validate configurations. We overcame the challenges of updating node versions, choosing the right validators, and handling issues with older vendor software.
After successful lab tests, TM deployed RPKI in production, starting with a pilot phase. Learning from the pilot, we standardized configuration parameters across vendors and carefully monitored invalid routes to minimize unintended traffic drops.
The deployment process included extensive communication with upstream and peering partners and despite some initial delays, by November 2023 TM was dropping invalids.
The trophy
Fast forward to June 2024 and across all peering and upstream connections worldwide, the result of this effort is a ‘Greener MY’ (in terms of statistics, that is). Before execution, data from APNIC Labs indicated that the I-ROV filtering rate in Malaysia remained at a stagnant linear percentage.
However, after TM completed dropping the invalid routes, that percentage significantly increased to around 25%. This marks a substantial growth, changing the indicator for Malaysia from amber to green, as Tables 1 and 2, and Figures 1 and 2 show.
Date | IPv4 | IPv6 |
January 2024 | ~2% | ~1% |
June 2024 | 28% | 26% |
Date | IPv4 | IPv6 |
January 2024 | ~1% | ~1% |
June 2024 | 99% | 99% |
All the planning, validation, and execution efforts by the team were entirely worth it. It was never about being the first or the biggest from the beginning; it was about protecting our customers from route hijacking and contributing to a cleaner Internet ecosystem.
We’ve done it and will continue to improve to ensure everything remains secure and in place.
I’d like to once again emphasize the importance of seeking help and collaboration in such projects. Deploying and dropping invalid routes isn’t difficult with the technical expertise of APNIC and the support of vendors and partners.
Muzamer Mohd Azalan is currently attached to the Core IP Development team in Telekom Malaysia. He has 14 years of working experience in Network Operations and Development teams. His interests are in routing protocols, routing security, and SDN. Muzamer also volunteers as an APNIC Community Trainer.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.