Member Portal
Categories

When a malformed BGP update made things interesting

On 8 October, we received alerts of IPv6 peers flapping toward several route servers across both IAA and NZIX. Investigation revealed that peers were receiving a malformed BGP update, isolated to our route server BGP daemon software (Bird v2.0.7). The issue stemmed from Bird propagating an attribute it didn’t support, and it wasn’t just us. Other exchanges including JINX, DINX, CINX, THINX, MegaIXs, LONAP, GetaFIX, PIT-IX, and later EdgeIX were affected too.

The culprit? The way RFC 7606 handles unknown attributes (ironic right?), is to set the transitive bit on a BGP attribute if it’s unknown. Our friends at BGP Tools provided an excellent breakdown of how this can occur:

“If a BGP implementation does not understand an attribute, and the transitive bit is set, it will copy it to another router.

Source: Benjojo’s Blog – BGP Path Attributes and Grave Error Handling

The issue was initially filtered upstream by the offending peer, which stopped the immediate problem. However, since we remained vulnerable to a recurrence, we rolled out the latest Bird code to our lab environment. Compatibility testing with our route server config generator (arouteserver) showed no issues, so we scheduled maintenance windows with provisions to escalate to emergency maintenance if the fault reappeared.

Upgrades went live on Route Server 2 for IAA on 20 October and NZIX on 23 October. And sure enough, on the same day the issue re-emerged across exchanges, prompting an emergency upgrade of Route Server 1. We’re now running Bird 2.17.2, which includes support for RFC 9234, allowing it to drop a malformed Only-to-Customer (OTC) attribute instead of propagating it.

It’s difficult to confirm whether the problem originated from Bird taking a 4-byte field and malforming it to 1024 bytes.  On-the-wire data suggests it remained a 4-byte update, but for stability’s sake, IAA will review alternative BGP software stacks for route servers to reduce any single-point dependency on the Bird BGP stack.

Adventuring at BSides Canberra 2025

In late September, IAA’s trusty Development Team, Kyle and Cam, embarked on a quest to Canberra for the biggest BSides yet. We’re told it was a packed few days of talks, workshops, and a strong focus on AI and machine learning in security.

One of the most talked-about sessions was Bitsquatting .gov.au Domains by Matthew Belvedere, which explored how random bit-flip errors in DNS traffic (sometimes caused by cosmic rays) can redirect requests to attacker-controlled servers. It definitely got people thinking.

Our Dev Team do love to flip the script. This year’s theme was Dungeons & Dragons, and their CTF team, Illithids Against Adventurers, placed an impressive 42nd out of 395 registered teams, further proving brains beat brawn (this round at least).

With so much happening and so little time to see it all, it seems BSides Canberra 2025 was as intense and inspiring as ever and the team came back buzzing with ideas.

IAA was pleased to sponsor this year’s conference, once again.

IAA Member Portal update

It’s been a quiet quarter on the Portal front, but there are still a few changes worth noting.

  • Member Resources has had a facelift, and you’ll now find more IAA reports and resources conveniently located within.
  • Peering Service Provisioning has been improved with automatic IP address allocation, making setup smoother and faster.

Most of the other updates since August have been behind the scenes, small tweaks and internal improvements to keep things running smoothly.

Check out the refreshed Member Resources section in the Portal and see what’s new.

Learn more!

Ready to roll? Perth kicks our tournament off this week!

Our End of Year Events series is about to begin and Perth, you’re up first this week!

We’re wrapping up 2025 with our Tournament of Peers. Held across Perth, Sydney, Melbourne, Brisbane and Adelaide, we’re pitting exchanges head-to-head to see who will be crowned IAA’s bowling champions.

Join us for an evening of tenpin bowling, good food, and great company. Whether you’re in it for the strikes or just here to have a laugh, this event is all about connection and a bit of fun to close out the year.

Each event will feature casual team bowling, local prizes, and scores that feed into a national leaderboard. Bragging rights are on the line for your local IX.

Perth: Wednesday | 5 November 2025 | 5:30pm – 9:00pm

Melbourne: Tuesday | 11 November 2025 | 5:30pm – 9:00pm

Sydney: Wednesday | 19 November 2025 | 5:30pm – 9:00pm

Adelaide: Tuesday | 25 November 2025 | 5:30pm – 9:00pm

Brisbane: Wednesday | 3 December 2025 | 5:30pm – 9:00pm

Don’t miss out! Head to the IAA Portal for more details and to register now!

Register now!

Tasmania we invite you to join us for the ACS Tasmania End-of-Year celebration on Thursday, 27 November at Wrest Point, which we’re proud to co-host.

Learn more in this news item. 

Apply Now for IAASysters Brisbane 2026!

Following the success of this year’s Melbourne program, we’re thrilled to announce that IAASysters 2026 will take place alongside AusNOG 2026 in Brisbane!

IAASysters Workshop – 2 September 2026
AusNOG Conference – 3–4 September 2026

Applications are now open for IAASysters Brisbane, a program designed to empower women in the internet industry through practical sessions, mentoring, and connection. Participants will gain insights into leadership, career planning, and communication — plus the chance to attend Australia’s premier technical conference.

Successful sponsored attendees will receive:
• A ticket to attend the IAASysters Workshop
• A ticket to attend the AusNOG technical conference
• Economy airfares and accommodation (if required)
• A one-year complimentary Professional Membership to IAA

Whether you’re looking to apply, nominate someone deserving, or sponsor the next generation of women shaping our industry, now’s the time to get involved.

Learn more

Here’s to the Sponsors and IAASysters of Melbourne 2025 – we could not have created such an amazing event without you all.  

ACS Tasmania End-of-Year Celebration 2025

As the year winds down, IAA is pleased to support the ACS Tasmania Branch’s End-of-Year Celebration. This joint event bringing together Members from ACS, TASICT, AWSN, and IAA.

Join us on Thursday, 27 November at the Boardwalk Gallery, Wrest Point Conference Centre, for an evening of networking, food, and refreshments as we celebrate another year of collaboration across Tasmania’s tech community.

Venue: Sandy Bay, TAS
Time: 6:00–8:00 pm AEDT
Cost: Free for IAA Member with code IAA_EOY25

Learn more and register now via ACS’s event’s page: 

Register now!
Advocacy Corner logo

Advocacy Corner update: September – November 2025

It’s been yet another busy quarter in all things telco and internet policy; from holding our quarterly PPAP meeting, to our CEO and Senior Policy Officer presenting at various industry events on telco regulation and all the submissions we’ve made in between! And with the ACMA’s recent announcement to reject the TCP Code, we’re expecting more busy times ahead. Industry has been given 30 days to address ACMA’s concerns, and while we’re disappointed the last revision of the Code was not accepted, we are committed to continue working to develop an industry code that is practicable while also upholding consumer safeguards.

In September, Sophia gave a lightning talk at AusNOG to brief industry on the new Risk Management Program rules, which kicked off on 4 October this year! So, a reminder to all Members that if you are a carrier, or a CSP that has over 20,000 services in operation or provides services to the Commonwealth government, you need to develop your RMP. If you need help doing so, IAA has partnered with the WISPAU for Members to receive discounted RMP training which includes template materials. Contact us at policy@internet.asn.au if you would like to join. You can also access the presentation slide-deck on our website for a summary of the RMP and other critical infrastructure legislation obligations.

On the flipside, if your business has gone through the process of becoming ISO27001 compliant (or other cyber security framework), we’d love to hear from you! Compliance with a cyber security framework is a requirement under the SOCI regime.

Also, a reminder that many of the obligations under the Telco DFSV Standard will come into effect from 1 January 2026 for large providers with ≥30,000 SIOs, or 1 April 2026 for smaller providers with less than 30,000 SIOs. This includes having a DFV Policy, DFV Statement and conducting DFV training, all of which must be developed in consultation with DFV support organisations and a panel of victim-survivors or representatives of groups disproportionately affected by DFV. Smaller providers can rely on industry representatives to consult on their behalf. IAA is looking at doing this on behalf of our Members and will let you know further details in due course. If this is something you would be interested in, please let us know at policy@internet.asn.au. In the meantime, read this explainer article to help understand your obligations.

Narelle moderated a multistakeholder panel discussion at the auIGF 2025, talking all about trust in the sector! When we organised the session, we weren’t expecting a series of large-scale Triple Zero outages to occur, which led to a fiery discussion on regulatory ways forward for the telco sector. IAA is proud to have sponsored the auIGF again as a valuable forum for different stakeholders to discuss the future of internet governance. You can watch the session on YouTube.

Narelle then made her way to the CommsDay Wholesale Congress where she gave a speech on the speed and volume at which telco regulation is being introduced, and the need for an improved approach that doesn’t disproportionately affect smaller telcos. Similar sentiments were shared at a panel later the same day that also featured IAA Chair, and Leaptel CEO, Matt Enger.

As always, please get in touch to share any thoughts on any of the open consultations below and/or previous submissions as we really appreciate your feedback.

Completed submissions:

October 2025

Inquiry into Combatting Crime as a Service | Parliamentary Joint Committee on Law Enforcement

September 2025

Review of the TOLA Bill | PJCIS

Inquiry on Implementation of Age Assurance Measures | Senate Standing Committee on Environment and Communications

IAA’s submission to Horizon 2 of the Australian Cybersecurity Strategy

5 Pillars of Productivity Inquiries Interim Report | Productivity Commission

August 2025

Record Keeping Rules Review 2025 | ACCC

Public Inquiry into whether to vary the SBAS Access Determination | ACCC

Draft Telecommunications (Consumer Complaints) Record Keeping Rules Amendment 2025 (No. 1) | ACMA

Welcome new Members! November 2025

Welcome to our newest Professional Members:

Keith Besgrove
Josh Duckett
Justin Gettens
Russell Harrower 
Andrew Rutherford
Karla Stokes
Diego Torre

Welcome to our Corporate Members:

TasmaNet

Please join us in welcoming TasmaNet! They join IAA following the transfer of services from Field Solutions Group to TasmaNet as they are now part of CommsGroup Limited. As a leading Australian telecommunications provider, TasmaNet delivers high-performance connectivity, cloud, and managed network services to business and government customers nationwide.

Vine Networks

We’re pleased to welcome Vine Networks to the IAA community! Based in Brisbane, Vine Networks joins the exchange to strengthen local connectivity and performance through peering. With a focus on tailored business network solutions, they’re committed to delivering reliable, high-speed services while keeping data local and efficient.

Gigawave

Welcome Gigawave to the IAA community! It’s always great when connections made at AusNOG turn into new peers! Gigawave, a small but growing wireless ISP, joins IAA after seeing first-hand the value of peering and the strong community behind it.

Blue Wireless

Welcome also to Blue Wireless!  As a global leader in wireless enterprise connectivity, they deliver reliable 4G/5G solutions for branch networks, construction sites, retail, and remote operations, helping businesses stay connected wherever they work.

From the CEO’s desk – August 2025

So here we are into the new financial year, and it’s out with the old and in with the new. We’ve got fantastic new content services being switched on shortly, with Microsoft caches coming online across the country; we’ve issued end of sale notices for 1Gbps ports at several locations, flagged the closure of Host Networks in Queensland, and QV1 is finally done and dusted. It really was sad to see the end of the QV1 era, but the cost to operate it versus the revenue wasn’t really paying off for Members. I was not thrilled going through all that debris, either! Talk about telco archaeology. I haven’t seen some of those transceivers since possibly the 90s! They seemed to have bred in there like electronic cockroaches, too.

We’ve had a load of fun catching up with everyone celebrating our 30 Years of Peers anniversary. Our next get togethers are likely to be on the regulatory front as we work with the Telco Together Foundation to put together material to help everyone comply with the new Domestic, Family and Sexual Violence Standard that aims to assist customers in that situation. Keep an eye out for those sessions. Given many of our Members have under 30,000 subscribers they can use the procedures and policies developed by an industry association, unlike the larger organisations who will have to undertake their own consultation and develop tailored procedures. Smaller providers are now regularly reporting to us that our regulatory templates are a huge help, and their first port of call when thinking compliance. Glad to be of service!

On the network front, Matt and Aaron have been retiring those old Extreme 670 switches in preparation for a national upgrade to EVPN, but there is a truckload of testing to complete first. We are also using this to do a few other rearrangements and consolidations meaning we are likely to turn on 400Gbps ports in Melbourne soon and upgrade that core sooner rather than later. I rather suspect we’ll need it with the new content coming your way!

On the staffing front, we recently welcomed Kaitlin to the finance team (while Felicity enjoys the company of her newest family member) and Joshua as a network engineer. We also said goodbye to Board Member David Hooton, who stepped down due to increasing work commitments. Our sincere thanks to David for his outstanding contribution. We’re pleased to share that Emma Mondy, a participant in our mentoring program, has stepped up to fill the vacancy.

The AGM date has been set for 29 October via Zoom, so the team are now in a reflective mood compiling all our achievements for the annual report. I look forward to sharing all that and more with you then. 

Happy peering!

Narelle

Question from the desk

Each newsletter, I will pose a question to Members, because your perspective is important. Please email me with your thoughts and opinions. Over to you:

How useful do you find our regulatory templates?

Click here