Improving Technical Security

The Role of South Asia’s NOGs in Community Building

At the recently concluded 34th South Asia Network Operators Group (SANOG 34), it was interesting not only to hear about the evolution of digital infrastructure, technology, and the economy in South Asia, including the opportunities it presents to network operators, but also to hear how community-led national Network Operating Groups (NOGs) in South Asia are working to build technical community knowledge, capacity, and engagement in their respective economies.

SANOG, which was set up as a sub-regional, community-led initiative in 2003, has played a significant role in bringing operators from the region together for knowledge sharing and cooperation. It is a biannual event, rotated among economies for maximum reach and participation.

While the NOGs of developed economies in the Asia Pacific began forming in the late 1990s, the NOGs in South Asia are quite recent: Bangladesh (bdNOG) and Bhutan (btNOG) were set up in 2014; Nepal (npNOG) in 2016; Sri Lanka (LKNOG) in 2017; and India (INNOG) in 2017.

The objectives of these NOGs are to encourage knowledge sharing within their respective economies and discuss global and regional technical developments, while addressing local requirements and issues. This, in turn, helps members of the operator community acquire the necessary skills to equip them for the present and the future. NOG meetings also provide a common ground for networking among participants, which helps in the exchange of ideas and thoughts. While most of the NOGs in South Asia have an annual event, it is only bdNOG that is held twice a year. The NOG meetings are normally rotated across cities in order to cater to more people.

While most NOGs organize both workshops and conferences during their events, depending on the requirement of the region and availability of trainers, the number of conference and workshop days at a NOG meeting vary: bdNOG has a half-day conference and four days of workshops; INNOG has a one-day conference and three days of workshops; npNOG has a half-day conference and three days of workshops; and LKNOG has a one-day conference and a one-day workshop.

Topics for discussion and training are normally decided based on global and regional trends, keeping domestic requirements in mind. IPv6, IXPs, MPLS, DNS, routing security, network monitoring and management, and SDN are some of the workshop topics you can expect to find at a NOG meeting in South Asia.

Most NOG meetings are paid entry events, with an average of around 150 participants attending.

We can look to the larger and more established NOGs in the Asia Pacific region for inspiration for what we want our South Asian NOG meetings to become. Holding hackathons and expanding the topics of discussion to more cutting-edge topics like next-generation data centre architecture and segment routing are just two ideas. Some very large NOGs are even able to run meetings without registration fees, attracting large numbers of attendees.

To encourage participation, NOGs such as LKNOG, btNOG, and bdNOG have provided fellowships. As women and youth are still less represented in such meetings, diversity initiatives have been taken by NOGs in the sub-region, including providing fellowships for women and young students in btNOG, organizing a networking panel for women, to promote women in tech at LKNOG, and so on.

While most of the NOGs aspire to increase their participation further and provide fellowships to deserving candidates, they face issues such as the uncertainty or inadequacy of sponsorships and unavailability of trainers (especially local). NOGs in South Asia can be particularly hindered by these issues.

Despite the odds, however, the NOGs are finding innovative ways to encourage more participation and help build a community of  trained and knowledgeable network operators, who are connected and can support one another when required.

This article reprinted with permission by the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia-Pacific region.


GLIF 2017 to be held in Sydney

The programme for the 17th Annual Global LambdaGrid Workshop has been announced. This is being held on 25-27 September 2017 at the University of Sydney, Australia, and hosted by AARNet, the Australian National Research and Education Network.

This event is bringing together networking experts from around the world to collaborate and exchange knowledge on new fibre optic networking technologies, middleware and applications. The workshop will have a specific focus on how global network architectures are supporting research applications in the Pacific region, in particular astronomy, high-energy physics, and other data intensive science. There will also be demonstrations of high-bandwidth applications.

Further Information

Deploy360 IPv6

RIPE 74 – Highlights from Day 2, Part 2

The RIPE 74 meeting is happening this week in Budapest, Hungary, and we’re highlighting the presentations and activities related to the Deploy360 technologies throughout the week.

As we mentioned in the first part of this blog, Tuesday was a busy day for us and too much to cover in one post, so here’s the second part covering the points of interest.

First of all, take a look at the ‘IPv4 Transfers 5 years after runout‘ presentation from Elvis Daniel Velea (V4Escrow). This showed there are only around 37.4 million IPv4 addresses still available across all RIR regions, with AfriNIC having the most at 18 million, and ARIN the least at zero. At current projections, all IPv4 addresses will be exhausted by early 2021, and there has also been a significant rise in IPv4 transfers since 2014.

The interesting factor though, is these transfers are primarily into large developed economies, which suggests that smaller economies may have difficult in growing their Internet capacity in future. There are currently only a few large blocks (/16 or larger) available on the market, so most transactions are for /17s or smaller with prices being observed around USD 12-14 per IP address. Even smaller blocks are now trading around USD 15-20 per IP address, but the bottom line is that supply remains extremely limited and prices are expected to approach USD 20 by the end of 2017, with IPv4 addresses expected to become completely unavailable by 2025.

So we haven’t said it enough times, network operators need to be deploying IPv6 now or face the prospect of not being able to expand their businesses – either technically or economically – in the near future.

More practically, there was a good presentation about RKPI deployment from Yossi Gilad (Hebrew University of Jerusalem). He highlighted some of the challenges of deploying RPKI such as loose Route Origin Authorisations (ROAs) whereby the specified maximum prefix length exceeds the prefix length. This affects more than 30% of all IP prefixes in ROAs, and allows attacks to hijack all traffic to non-advertised sub-prefixes in the ROA. Other mistakes include misconfigured ROAs that invalidate genuine prefixes, and potentially cause disconnection from legitimate routes.

ROAlert is a tool that allows you to check whether a network is properly protected by ROAs, and if not, what the problems are. It also offers a proactive notification system by retrieving ROAs from the RPKI and comparing them against BGP advertisements, thus alerting network operators to wrongly configured ROAs. The results so far have been encouraging, with 168 operators having been notified of ROA errors of which 42% were fixed within a month. Network operators are encouraged to use this facility, and the hope is that it will be adopted by the RIR communities.

Keeping with the same theme, Andreas Reuter (Freie Universität Berlin) reported on the levels of RPKI adoption. Their analysis attempted to determine which ASes had adopted RPKI filtering policies, although it is not always easy to determine whether a route was being filtered based on RPKI, or whether this was due to private routing policy decisions. It was determined though, that a handful ASes are making routing decisions based on RPKI, and the next steps are to develop a live monitoring system to improve the quality of the data collection in order to get a more accurate view of RPKI adoption.

Finally, although it’s not a Deploy360 topic, there was a fascinating presentation on the Quantum Internet from Stephanie Wehner (Delft University of Technology). The aim of a quantum network is to communicate qubits (the quantum equivalent of the bit) almost instantaneously between two points on earth, which can address the delays associated with the speed of light. This has been demonstrated at 100 km distances, and there have been successful experiments at 300 km ranges, but the real challenge is over longer distances which is currently problematic to achieve in a reliable manner.

If you’re interested in learning more, QuTech will be holding an open day in Delft, The Netherlands on 22 June 2017. Would be a great opportunity to find out more about this technology that promises to radically change how we think about computing and networking.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at

Deploy360 Events IPv6

Talking NAT64Check at DKNOG in Copenhagen

Tomorrow (16 March) from 13:45 – 14:30 CET (UTC+1), at the Danish Network Operators’ Group (DKNOG) in Copenhagen, I’ll talk about our experiments on NAT64 and DNS64 in the Go6lab and also about NAT64Check. Watch live via DKNOG’s live stream page at

As many mobile operators are moving to IPv6-only, which is incompatible with IPv4 on the wire, it’s necessary to employ transition mechanisms such as 464XLAT or NAT64. The Go6lab NAT64/DNS64 test bed was established so that operators, service providers, and hardware and software vendors can see how their solutions work in these environments. This has already generated significant interest; instructions on how to participate are available on the Go6lab website.

NAT64check allows websites to be checked for consistency over IPv4, IPv6-only, and NAT64, and to compare responsiveness using the different protocols. This allows network and system administrators to easily identify if anything is ‘broken’ and to pinpoint where the problems are occurring, thus allowing any non-IPv6-compatible elements to be fixed. For example, even if a web server is not running IPv6 (why not?), hard coded IPv4 addresses can cause NAT64 to fail.

During the talk I’ll share some insight and discuss issues that I found while testing NAT64/DNS64 technology in real life scenarios and use cases.

If you are at DKNOG, I’m more than happy to chat and discuss all this new technology that makes the Internet such a great place!

Deploy360 Domain Name System Security Extensions (DNSSEC) IPv6

Deploy360 @ Slovenian IPv6 Initiative & SINOG 3

Go 6 logoThe Deploy360 team will be supporting the 11th Slovenian IPv6 Summit and SINOG 3 events next week, that are being organised by the Go6, ARNES and LTFE, and sponsored by the Internet Society along with several other sponsors.

The Slovenian IPv6 Summit is being held on Tuesday, 21 June 2016, and features a keynote from ICANN Board Member Lousewies van der Laan on how Internet governance impacts on operators. Patrick Fältström (NetNod) will also be speaking about the Internet-of-Things and IPv6, with other interesting talks on Automating IPv6 deployments by Ivan Pepelnjak (NIL),  IPv6 Security by Fernando Gont (SI6), and IPv6 Autoconfiguration challenges by Sander Steffann (SJM Steffann).

The afternoon session is largely devoted to case studies, including a talk on IPv6 in SPAWAR by Ron Broersma (US Navy), IPv6 in Switzerland by Silvia Hagen (Sunny Connection), and how IPv6 was deployed in LinkedIn from Stephanie Schuller (LinkedIn), with the local interest coming from Luka Manojlovič (MA-NO).

On Wednesday, 22 June 2016 is the SINOG 3 meeting which will be a mix of presentations in Slovenian and English. The keynote is being provided by Ivan Pepelnjak (ipSpace), followed by a talk on the DNS-management software Ansible by Anand Buddhdev (RIPE NCC). There’s another presentation on the security of the Internet-of-Things by Milan Gabor (Viris), and at the end of the day is an Ansible workshop led by Uroš Bajželj (LTFE).

The full programme can be found on the SINOG website and Go6 website. Registration is free-of-charge and open to anyone.

Both events are being held at Tehnološki park Ljubljana, and are being streamed.


Norwegian Network Operators Group (NoNOG) is born

nix_logo-webThe Norwegian Internet community last week came together at the Norwegian Internet Exchange (NIX) meeting in Oslo. Whilst various topics were presented and discussed, we would like to highlight one topic particularly close to our hearts – namely the discussion about creating a Norwegian NOG group.

The proponents behind this asked the community whether it felt there was a need to create a NOG in Norway – and if this answer was yes, how to run, sustain and make it a success.

I had the honour and privilege of sharing a stage with RIPE Chairman Hans Petter Holen, who explained how RIPE, RIPE-NCC and regional RIPE meetings operated. I followed him by giving a presentation on the generic features, procedures and aims of existing NOGs around the world, followed by the example of how we created Slovenian NOG (SINOG), how we run it, how things works, what to do and especially what to avoid.

We also briefly discussed the currently pertinent issue of “NOG relations with governments” and our message was that whilst governments should not create and/or run NOGs, they are welcome to participate by send their experts to meetings. We also encourage government to recognise and endorse NOGs as stakeholders in the local (or regional) Internet ecosystem and use them as a resource when it comes to discussions on technical matters related to the Internet.
NIX meeting

A discussion followed our presentations where the community expressed strong consensus that Norway needs a NOG. We are therefore pleased to announce the birth of NoNOG!

From this there was further discussion on how the NOG should be implemented, and this led to the establishment of the NoNOG Programme Committee with NIX being asked to take on the administrative support. There was a strong feeling not to start with a defined structure such as a charter, but ask the  Programme Committee to put together a good agenda for the first NoNOG meeting that is proposed to be held in conjunction with a NIX meeting. From there a decision will be made whether to continue and if the group needs to be chartered.

Jan Žorž

More information: