Member Portal
Categories
IAA is a Great Place to Work Certified

It’s official! IAA is a Great Place to Work.

We’re delighted to announce that we have been awarded Great Place to Work® Certification. We now feature on the Great Place to Work portal, where you can learn more. We will wear this new badge with pride as a sign of a positive employee experience. In receiving this accreditation, we join the ranks of Cisco, Google and American Express. Great Place to Work is a globally recognised employee validation program.

On our first attempt at achieving certification, we received an impressive 86% overall satisfaction score. This score is based on a comprehensive employee survey and a detailed questionnaire about our workplace. Because employee feedback and independent analysis determine the scores, our certification can give future employees confidence that we genuinely offer a great company culture.

Hiring and retaining talent has never been more important or more challenging for all employers, so earning this certification means a lot to us.  We aim to be an employer of choice and foster a healthy workplace culture.

Undergoing the Great Place to Work assessment gave us some real insights into what we’re doing well and some opportunities to improve.

Comments from team members included:

“Excellent flexibility working from home, and ample opportunity to attend to outside of work commitments and requirements and make up the work later when it suits.”

“As a relatively small team, everyone is very busy but still happy to help each other out. We have lots of opportunities to grow in the industry, such as participating in industry forums and conferences.”

“Genuine flexibility and care from the management. Know how and understanding of the Internet and industry. Our status and respect as a trusted player in the industry.”

Of course, we are always looking ways we can be even better and look forward to repeating the process annually so that we can keep track of our progress. In this way, you can always be confident that creating a safe and happy workplace is at the heart of everything we do.

If you or someone you know are looking for a progressive and proactive place to work, check out our latest career opportunities on our website.

Our success in achieving Great Place to Work Certification is all thanks to our awesome team. Each and every one of them has contributed to making this possible and we’re pleased to share their achievement with you.

Convergent Events update

Since our last newsletter, we have been very busy hosting and planning Convergent Events for our Members to network, learn and grow.

First up in March was an online event – Malicious Domains: Where they are, and what we can do about them.” Industry experts, Graeme Bunton and Rowena Schoo, of the DNS Abuse Institute gave us fascinating insights into this topic. Don’t worry if you missed it, you can find it on IAA’s YouTube channel.

This was soon followed by an in-person event in Adelaide, in partnership with APNIC Academy Training, who provided an insightful RPKI/ROV Tutorial. This gave our members the opportunity to receive free training on this important subject (typically valued at $80), followed by the opportunity to network at our social event.

For those who couldn’t make Adelaide, you’ll be pleased to learn we’re partnering with APNIC Academy Training to provide the RPKI/ROV Tutorial again in two other locations. More details to follow, but make a note in your calendar, if you’ll be in Canberra, Tuesday 18 July 2023 or Sydney, Thursday 20 July 2023. In both cities the tutorial will run 1.30pm – 5.30pm AEST and be followed by a social event.  Check your emails and the IAA Portal closer to the date to register.

In other news, our Melbourne Convergent Event in May featured a talk by Professor Darryl Veitch entitled “Can I trust my clock? Why NTP is fail .” The presentation was followed by drinks and nibbles. Darryl’s presentation was well received with one attendee reporting: “Everything I thought I knew about how NTP worked and synced and reliability was wrong. This may have been one of those red pill or blue pill moments.”

Register now for our Convergent Online Event 1 June

On the back of the success of this event, we have decided to share Professor Veitch’s insights with the rest of our Members, with a special online event on Thursday 1 June 2023 from 12pm AEST (10am AWST) via Zoom.

Register via the IAA Portal now!

Member registration                                  Non-member registration

We look forward to bringing you even more Convergent Conference Events soon.

NSW-IX turns 10!

This June NSW-IX will have been in operation for 10 years!

We invite you to join our CEO, Narelle Clark and IAA Team and Board Members as we celebrate with drinks and canapés as the sun sets over Darling Harbour.

IAA Members are welcome to invite guests. Corporate Members can register themselves and an additional 7 guests, either internal or external to their organisation. Professional Members are able to invite one additional guest. All registrations need to be completed via the IAA Portal by the inviting Member.

Details
When: Wednesday 21 June | 5.30pm – 9.00pm AEST
Where: Helm Bar & Bistro, Sydney

Register via the IAA Portal now!

RSVP now!

By RSVPing for this event, you are agreeing to comply with IAA’s Code of Conduct – Events.

ONLINE CONVERGENT EVENT

View this presentation now on the IAA YouTube Channel.

Join us for this Online Convergent Event

Title: Can I trust my clock? Why NTP is a fail.
Date: Thursday 1 June 2023
Time: 12pm AEST/ 10am AWST

Venue: FREE Online Convergent Event, hosted on Zoom

Registration: Open to all via the IAA Portal

Register now for your chance to see Darryl Veitch’s brilliant presentation on Network Time Protocols, just how bad they can be and some new ways forward.

Professor Veitch is based at the School of Electrical and Data Engineering at the University of Technology Sydney, and is a member of the GBDTC (Global Big Data Technology Centre) where he runs the timing laboratory.

Darryl gave this presentation at our recent Melbourne Convergent Event and has kindly offered to represent it for you at this live, online event. Registration is free and open to both IAA Members and non-members via the IAA Portal. Tell your friends and colleagues!

Member registration                                  Non-member registration

By RSVPing for this event, you are agreeing to comply with IAA’s Code of Conduct – Events.

RPKI/ROV Tutorial and Convergent partnership event Adelaide

CALLING ADELAIDE

Title: RPKI/ROV Tutorial & Social Adelaide, in partnership with APNIC
Date: Wednesday, 19 April 2023
Time: Tutorial 1:00pm – 5:30 ACST | Social 6:00pm ACST
Venues:
TutorialBarr Smith South 2032 (RM), University of Adelaide, North Terrace Campus, 250 North Terrace, Adelaide
SocialThe Howling Owl, The Monocle room (accessed through an arch door beside the main bar on the ground level within the venue) 10 Vaughan Place, Adelaide. IAA Members are welcome to bring friends.
Cost: Hurry! The first ten IAA Members to register attend for FREE
Standard fees:   $40 APNIC Member (plus GST) or $80 Standard (plus GST)

 

Register for tutorial                   Register for social

A has partnered with APNIC to bring our members this important tutorial on RPKI and ROV. The tutorial will be followed by a social event. If you’re an IAA member and can’t make the tutorial, we’d still love to see you for a drink and some nibbles, so be sure to register now.

Course outline

  • Recent routing incidents
  • Current BGP filtering techniques
  • Resource PKI fundamentals
  • Installation and configuration of RPKI validators
  • BGP filtering with ROA (Route Origin Validation)

Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily. This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Course requirements

  • This workshop is for those with a working knowledge of IP Routing (esp BGP), how to use a router command line interface and backing Linux command line skills.
  • Participants are advised to bring their own laptop or desktop computers with high-speed internet access and administrative access to system.
  • It is also recommended that computers have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
  • Software: SSH Client, Telnet Client, VirtualBox/VMware
  • Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure. Test ssh connectivity, try to connect to route-views.routeviews.org. For example from the CLI type: ssh rviews@route-views.routeviews.org.

Trainers
Terry Sweetser
APNIC’s Training Delivery Manager (South Asia and Oceania)

Dave Phelan
APNIC’s Senior Network Analyst / Technical Trainer

HOW TO REGISTER

Tutorial Registration (first 10 go for free).
All attendees must use their APNIC Academy account. If you don’t have an account, it’s free and easy to get your own APNIC Login. Get started APNIC’s website. Once you have your login (or if you already have an account) you can register for the tutorial from the link below.

The first ten IAA Members to register for the tutorial are FREE! To access this offer you must be an IAA Member and use this code in APIC’s payment portal:  IAARPKIROA2023

Register for tutorial

Social Event Registration
We’re hosting a post-event social at The Howling Owl that’s FREE to all IAA Members, starting 6pm. Even if you can’t make the tutorial, we’d love to see you there. Corporate members can register themselves and an additional 7 guests, either internal or external to their organisation. Professional members are able to invite one additional guest. All registrations need to be completed via the IAA portal by the inviting member.

Register for social

By RSVPing for this event, you are agreeing to comply with IAA’s Code of Conduct – Events.

Convergent Melbourne Event with Dr Darryl Veitch

REGISTER NOW

Details
Date: Tuesday 9 May 2023
Time: 5:30pm AEST Registration Opens | 6:00pm AEST Presentation | 7:00pm AEST Social
Location: Garden State Hotel | The Observatory | 101 Flinders Ln, Melbourne VIC

Join us for our in-person Convergent 2023 Melbourne event! We’ll hear from Dr Darryl Veitch who is set to discuss Network Time Protocol and its worthiness as a synchronisation tool for equipment and services. Garden State Hotel’s premier function space, The Observatory, will provide the backdrop as Dr Veitch details his extensive measurements, taken over many years, that demonstrate just how bad Network Time Protocol is, and proposes a new way forward. 

Registrations open at 5:30pm. Enjoy complimentary beverages and canapes before Dr Veitch’s talk, taking place from 6pm to 7pm, and at the IAA social event that immediately follows. 

IAA members are welcome to invite guests. Corporate members can register themselves and an additional 7 guests, either internal or external to their organisation. Professional members are able to invite one additional guest. All registrations need to be completed via the IAA portal by the inviting member.
 

By RSVPing for this event, you are agreeing to comply with IAA’s Code of Conduct – Events

ACCESS NOTES: The Observatory is accessible through a lift located inside the hotel’s restaurant Tippy Tay. There will be a functions bollard sign positioned outside the venue and  guests will  be escorted to the lift area by host.

 

Register Now

 

 

woman working at laptop

From the CEO’s desk

Someone outlined the plot of an action film to me recently. Picture this, a worldwide communications system, built on a fundamentally flawed numbering system, is being held to ransom by unscrupulous operators. These operators won’t abide by the rules and use every means at their disposal to prevent the rules from being imposed on them, including bribery, corruption, hacking, DOS attacks, death threats, vexatious litigation and international subterfuge, crippling the administration of the communications governance system in a major continent. Sound like a fun film? An outlandish story?  I fear it will be playing soon at a local conference centre near you, as these are all allegations that have been made against some people contesting the APNIC Executive Council elections. Sadly, however, with the price of IPv4 addresses getting higher and higher, we are likely to see increased shenanigans, so it is all the more important that we ensure the governance of our regional internet registries are sound. The term ‘Wild West’ has often been used to describe internet actors, but in reality the policy processes of our Internet governance systems including ICANN, APNIC and the IETF are usually much more boring and very disciplined. Let’s keep it that way. If you have a vote in the APNIC EC election, make sure you vote and use your vote wisely. 

Speaking of things to combat the ‘Wild West’, we’ve announced our new online and in person conference series, kicking off with a session on Malicious Domains, given by Graeme Bunton and Rowena Schoo of the DNS Abuse Institute. This fun session will overview the latest research into DNS abuse, covering mitigations and best practice to keep things relating to our domain name system as boring and behind the scenes (i.e. WORKING!) as possible. I hope to see you online. 

This month I will be heading off to Apricot in the Philippines, where I will catch up with our colleagues from other IXPs across the region and hear about new content and other services likely to appear on our networks soon. A check of our traffic statistics tells us we are serving over a petabyte in content each day! Rest assured I will be hunting more of it down wherever I can. If there is a game or other service your users are driving up the transit bills with, let me know and we will do what we can to get them into our content farm. 

In other news, I hope you enjoy our latest article on traffic engineering, celebrate SA-IX’s birthday, check your Amazon IPv6 peering for a little typo recently discovered, and invite your colleagues to apply for this year’s IAA Systers program! 

Best path selection, attributes and tools to fix things!

This month, we continue to be at the edge of the Internet talking about aspects of Traffic Engineering (TE) in BGP! We began our blog series by writing about TE – the what, the why, capacity management and traffic management. This month, we’re taking a look at outbound and inbound TE on the Internet, focusing on how BGP performs best path selection and some of the BGP attributes that make up the algorithm to determine the best path for packets.

Optimising traffic flow is something every good network engineer tries to achieve, and there are several ways that we can do this. An important issue that often occurs during peak times is traffic congestion. We don’t need to tell you about the issue with traffic congestion, but for end users, seeing that buffering symbol is just as disappointing as seeing the red ring of death on an Xbox! Let’s begin by looking at optimising traffic flow through the lens of outbound vs. inbound traffic.

Outbound vs inbound
As network experts, we know what outbound and inbound traffic is, so let’s skip ahead and talk about engineering it! Engineering outbound traffic is the process of manipulating the routing of traffic leaving our AS. By doing this, we can locally influence outbound traffic routes by adjusting BGP attributes, specifically local preference or AS path length. In comparison, engineering inbound traffic is much more complex and involves manipulating the routing of traffic coming onto our network. It involves adjusting the BGP attributes of routes advertised by peers, but don’t forget, peers can override these attributes when updates are sent, making it much harder. Now that we’ve covered the difference between outbound and inbound TE, let’s talk more about best path selection.

 

‘Okay BGP, show me the fastest route’
The BGP specification defines an algorithm known as best path selection to choose and install the best routes into routing tables. The algorithm uses a predefined set of criteria to select the most efficient route across the Internet to a destination address or prefix. The table below lists the order of criteria.

Priority Attribute
1 Local preference
2 Local origin
3 AS path length
4 Origin code (lowest)
5 MultiExit Discriminator (MED)
6 eBGP over iBGP
7 Shortest IGP path to BGP next-hop
8 Oldest path
9 Router ID
10 Neighbour IP address (lowest)

Now that we’ve looked at this broadly, let’s examine this a little further and look at the attributes that can be manipulated to determine the best path.

BGP attributes 
BGP protocol determines a score for each path based on attributes – these are the aspects we manipulate to make the BSP algorithm work the way we want it to. To better understand attributes, let’s split them into categories: mandatory, discretionary, optional transitive and optional non-transitive.  

Mandatory 
Mandatory: sounds demanding, doesn’t it? That’s because they are REQUIRED for routes to be considered valid. These are recognised by all BGP peers and are present in all update messages. These attributes are Next-hop, Origin and AS Path. 

Discretionary 
Discretionary attributes influence the algorithm but aren’t required for route validation. These are recognised by all routers, passed to all peers and can be included in update messages if required. These attributes are Local Preference and Atomic Aggregate. 

Optional transitive 
Optional transitive attributes can provide additional information about routes, but don’t generally affect the algorithm. They are possibly recognised by BGP routers and may be passed to other peers when received from a peer. These attributes are Aggregator and Community. 

Optional non-transitive 
The optional non-transitive attributes are Multi-Exit Discriminator (MED), Originator ID and Cluster ID. Non-transitive attributes received from a peer are not permitted to be passed to other peers by the receiving AS. 

In addition to attributes, asymmetric routing is also integral to quality TE.  

Let’s take a different route home 
Asymmetric routing is another important aspect of TE. This occurs when a packet travels from a destination down one path and takes a different path upon its return – it’s very common in BGP and you can’t avoid it! Generally, asymmetric routing doesn’t cause issues, but when it does, it’s usually causing issues with load balancing leading to suboptimal routing. This type of routing occurs when 2 available paths are present and contain the same number of hops; AS path length will not force a routing decision. Therefore, the algorithm moves to the next attribute in the priority stack. 

Asymmetric routing can also cause issues with stateful devices, such as firewalls: traffic flows returning via a different path than the one they departed on can arrive at a different device, and if the receiving device is not aware of the flow’s existence or has no matching entry in its state table, the incoming traffic is dropped: 

Something’s wrong, help!
Things are always great when they work, unfortunately that’s not always the case! When it comes to TE, there are some great diagnostic tools out there including looking glasses, RIPE Atlas, NLNOG RING and more. They help us to troubleshoot a variety of different network issues. Here at IAA, we use looking glasses wherever they are available to determine how a network (AS) directs traffic destined for a particular IP address or subnet. We also operate our own looking glass for each IX, which can help give a better understanding of the paths available to a particular destination via the IX (or, indeed, if a destination is NOT reachable via the IX). When a looking glass is not available (i.e. a network operator has not made one publicly available), tools such as RIPE Atlas are invaluable for observing the path that traffic takes out of a particular AS, and can be used to narrow down the probable point of any routing issues along the path from a given AS to the destination. 

Understanding the difference between outbound and inbound traffic engineering is crucial to optimising traffic flow over networks. As network engineers, understanding which attributes can be manipulated to ensure packets travel down the best path can help reduce traffic congestion, improve efficiency and reliability. If you’d like to learn more about how to improve network performance through outbound traffic engineering, stay tuned for next month’s ‘how to’ blog article!

SA-IX milestone

This month marked 10 years since IAA announced the launch of a peering point in South Australia, heralding the further expansion of our IX-Australia peering network. 

SA-IX’s 10th birthday was officially celebrated on Monday 27 February. Here’s to another 10 years – and hopefully many, many more!