Telekom Malaysia lights up RPKI statistics

26 Jul 2024

Category: Tech matters

In an earlier post, I explained Telekom Malaysia’s (TM, AS4788) RPKI journey and goal in detail. To briefly recap, TM was founded in 1984 and has since become Malaysia’s (MY’s) largest provider of various telecommunications services. In recent years, we recognized the importance of RPKI and Route Origin Authorization (ROA) as a preventative measure against security issues.

TM’s journey began by installing RPKI validators in their BGP systems and updating ROAs. The initiative required engagement with higher management and careful planning, including a lab setup to test and validate configurations. We overcame the challenges of updating node versions, choosing the right validators, and handling issues with older vendor software.

After successful lab tests, TM deployed RPKI in production, starting with a pilot phase. Learning from the pilot, we standardized configuration parameters across vendors and carefully monitored invalid routes to minimize unintended traffic drops.

The deployment process included extensive communication with upstream and peering partners and, despite some initial delays, by November 2023 TM was dropping invalids.
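As an added illustration (not TM's or APNIC's code), the check behind monitoring invalid routes before dropping them can be sketched as RFC 6811 route origin validation. The VRPs, routes, and function names below are constructed for this example and use documentation prefixes and ASNs.

```python
import ipaddress
from collections import Counter

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64500),
]

# Constructed BGP announcements: (prefix, origin ASN).
ROUTES = [
    ("192.0.2.0/24", 64500),        # matches a VRP exactly
    ("192.0.2.0/24", 64511),        # covered, but wrong origin
    ("203.0.113.128/25", 64501),    # right origin, longer than maxLength
    ("198.51.100.0/24", 64502),     # no ROA covers this prefix
    ("2001:db8:1::/48", 64500),     # within maxLength
    ("2001:db8:1:2::/64", 64500),   # longer than maxLength
]

def validate(prefix, origin_asn, vrps=VRPS):
    """Classify one route as valid / invalid / not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = asn_match = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa_net = ipaddress.ip_network(vrp_prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue                      # this VRP does not cover the route
        covered = True
        if vrp_asn == origin_asn and vrp_asn != 0:   # AS0 never matches
            if route.prefixlen <= max_len:
                return "valid", "matching VRP"
            asn_match = True
    if not covered:
        return "not-found", "no covering VRP"
    if asn_match:
        return "invalid", "more specific than maxLength"
    return "invalid", "origin AS not authorized"

def audit(routes, vrps=VRPS):
    """Return (state counts, routes a drop-invalid policy would discard)."""
    counts, would_drop = Counter(), []
    for prefix, asn in routes:
        state, reason = validate(prefix, asn, vrps)
        counts[state] += 1
        if state == "invalid":
            would_drop.append((prefix, asn, reason))
    return counts, would_drop

if __name__ == "__main__":
    counts, would_drop = audit(ROUTES)
    print(dict(counts))
    for entry in would_drop:
        print(entry)
```

Running the audit in log-only mode first separates origin mismatches from maxLength mismatches, which usually point to a ROA that needs updating rather than a hijack.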

The trophy

Fast forward to June 2024: across all peering and upstream connections worldwide, the result of this effort is a ‘Greener MY’ (in terms of statistics, that is). Before execution, data from APNIC Labs indicated that the I-ROV filtering rate in Malaysia had stagnated at a flat percentage.

However, after TM completed dropping the invalid routes, that percentage significantly increased to around 25%. This marks substantial growth, changing the indicator for Malaysia from amber to green, as Tables 1 and 2, and Figures 1 and 2 show.

| Date | IPv4 | IPv6 |
|---|---|---|
| January 2024 | ~2% | ~1% |
| June 2024 | 28% | 26% |
Table 1 — Malaysia’s total RPKI validation before and after TM’s deployment.

| Date | IPv4 | IPv6 |
|---|---|---|
| January 2024 | ~1% | ~1% |
| June 2024 | 99% | 99% |
Table 2 — AS4788’s (Telekom Malaysia) RPKI validation before and after TM’s deployment.

Figure 1 — Turning Malaysia green, as of 19 July 2024.
Figure 2 — AS4788’s I-ROV filtering, as of 19 July 2024.

All the planning, validation, and execution efforts by the team were entirely worth it. It was never about being the first or the biggest from the beginning; it was about protecting our customers from route hijacking and contributing to a cleaner Internet ecosystem.

We’ve done it and will continue to improve to ensure everything remains secure and in place.

I’d like to once again emphasize the importance of seeking help and collaboration in such projects. Deploying and dropping invalid routes isn’t difficult with the technical expertise of APNIC and the support of vendors and partners.

Learn more about RPKI at APNIC.