October’s Advocacy Corner Update

The Federal government is continuing to ramp up its program of legislation aiming to control the perceived and real threats from the online world. We’ve written about our participation in the defamation workshops, but just recently it has become clear that the government would like to see defamation regulated the same way as it wants to regulate more obviously dangerous material, i.e. through the eSafety Commissioner and alongside the Online Safety Act.

There are some very real risks we see with this approach: it is not clear where the liability and responsibility for defamatory material will lie, nor even whether this can be efficiently or effectively implemented. It became increasingly clear throughout the workshops that while it was accepted that straight carriage service providers won’t be liable (as “mere conduits”) other services usually included in an internet access service such as DNS, email, and web hosting, where ISPs have no effective part in the publication of material, may well have liability. Rest assured, we are doing our darndest to reinforce the fact that making a domain name available via the DNS is not an act of defamation, but unfortunately there are no guarantees that legislators won’t do something really stupid. They seem to find it difficult to separate certain large social media platforms from “the Internet” and are increasingly keen to enforce takedowns further and further down the technology and infrastructure stack. 

An amended Critical Infrastructure Bill passed through the House of Representatives last week. Introduced as part of the PJCIS’ report on the Critical Infrastructure Bill, this legislation will see the introduction of a new mandatory notification scheme for cyber incidents. It will also provide Home Affairs with the power to issue information gathering, intervention and action direction requests. Part II of the Bill, which will focus on risk management plans and the declaration of Systems of National Significance (SoNS), is expected to face further consultation with industry.

Communications Alliance released a new code C666:2021 Existing Customer Authentication, which provides an improved framework to authenticate the identity of customers making transactions involving their telecommunications service. So new rules there for people to apply when gaining or transferring customers. 

Recent Submissions

In October, we made submissions to: 

 

Open Submissions

Reporting of Telstra delivery of voice services | Department of Communications 

The Department of Communications has proposed that Telstra should improve their reporting of their voice services delivery in regional areas and provide quarterly reports to ACMA and Department of Communications relating to service quality and delivery. 

Record Keeping Rules Consultations | ACCC 

The ACCC is consulting on changes to the Record Keeping Rules for Telecommunications Infrastructure Assets. The Record Keeping Rules require specific carriers to report on their core network and customer access network infrastructure to help the ACCC analyse competition within the telecommunications market. The ACCC is seeking to update its list of record-keepers and introduce new reporting requirements for end-user equipment and mobile infrastructure.

The ACCC is also seeking to amend the NBN Record Keeping Rules, including introducing reporting for enterprise ethernet services and business satellite services. They will also gather additional data on CVC capacity and utilisation, and ask NBN Co to report on performance against service standard commitments set out in the Wholesale Broadband Agreement. The latter agreement is still open to review, despite some members reporting they felt pressured to sign version five already.

This year, our network change embargo period is from 22nd December 2021 through to 10th January 2022 inclusive. This means that we won’t be provisioning any new services or changing any existing services during this period. Support staff will, of course, be on call to deal with urgent issues or network emergencies should they arise. 

Please remember all orders and change requests need to be received by 10th December, 2021. Log in to the portal now if you need that upgraded or extra port!

There’s nothing like setting the dates for the end of year change freeze (22 Dec – 10 Jan) to make you sit up and notice the year is almost over! At least most of us are out of lockdown in time to do some seasonal shopping. On our shopping list is a brand new out of band network, and a few extra switches to accommodate all the member growth we keep seeing! The big Facebook outage recently demonstrated just how important your out of band access is when the network is broken, and that out of band access is vital for ensuring you can get access to sort whatever problem the network or our own humanity causes. Our existing out of band network is old and barely serviceable, so it’s definitely time for a replacement. 

Speaking of replacements, we are currently advertising for a new Policy Officer and Network Engineer, both of whom are off to new roles. If you know of anyone that might be suitable, drop us a line – they need to be totally fluent in internet acronym-speak, albeit somewhat different ones for each role, and be truly dedicated to serving our industry and making the Internet better. 

We’ll also be recruiting soon for an Advisory Council. The council will comprise members/member representatives and is to assist us in forming our positions on the various regulatory and policy issues and will meet about four times per year to give us that guidance. We’d love to hear from your policy nerds or even business people that have an interest in sensible rules within our industry. If we can pick the brains of a few of you, our submissions and representation will be even better! 

A huge congratulations to the team and to NZIX with the launch of WLG-IX. With two initial points of presence, this is a great expansion to the existing services across New Zealand. The POPs are in Xtreme and Spark’s Featherstone sites, so they are nicely accessible to much of the Wellington service infrastructure.

You may have noticed that auDA has finally launched the timetable for direct registrations in the .au namespace. This means you will be able to register your own domain names as a second level domain directly under .au. If you already have some_example.com.au then you will have priority in getting some_example.au as long as no-one else has some_example.org.au etc. Most countries have direct registrations already and it didn’t break their internet when it was introduced, but members should be aware that this change is coming, and it might mean extra effort in your DNS or customer support. Or you might want to try a whole new marketing approach with your shiny new short url. Check the auDA website for the full rules and the timetable. 

Last but not least, I must extend my thanks to member Ciphertel for stepping into the breach when we couldn’t get to QV1 for the power outage this month. It is brilliant to see the value our members bring. I just hope the coffee in the new café is good enough to justify the hassle. 

As ever – please feel free to get in touch to give me your views on any of the topics in this month’s newsletter. 

Narelle Clark  

We all know about Border Gateway Protocol (BGP). We also know that it’s permissive by nature and that serious problems can happen when routes are leaked or, worse still, hijacked. In previous years, even prominent organisations such as Google, Apple, Facebook, YouTube, and Microsoft have been victims of hijacking, which is a good reminder that we need to actively prevent it.

So, the question remains, how do we protect ourselves and reduce our networks’ vulnerability to leaking and hijacking? Think BGP security!

Although it’s a topic that has been widely discussed for many years, there are a few things you can do to instantly improve BGP security on your network by adopting some of our tips for good BGP hygiene.

 

Tip One: Block bogons

Plain and simple, by definition, bogon prefixes should not exist on the Internet. Bogon routes are bogus. They are routes for IP address ranges that are unassigned, or even reserved for something else altogether, but that are advertised anyway, whether mistakenly or on purpose. We should not be receiving or sending packets from them, and if we collectively block them, we can protect our networks.

What do people achieve by using this space? Spam! You can use a prefix that no one owns and spam to your heart’s content. Team Cymru provides a BGP feed that you can use to drop these at your edges automatically.

 

Tip Two: Filter, filter, filter!

Filtering should be applied at every stage, starting with a ‘drop all’ and being specific about what to allow.

Transit Providers – Ingress:

  • Drop Bogons (including RFC1918 space) – DON’T RELY ON A DROP ALL RULE TO CATCH THESE
  • If you are expecting only a default route, DROP EVERYTHING ELSE
  • If you are expecting a full transit feed without default, DROP DEFAULT

Transit Providers – Egress:

  • Send your routes
  • Send your customer routes – send your customer tagged routes based on your internal community
  • Do not use prefix lists alone – you MUST use prefix lists and communities together

Customers – Ingress:

  • Drop Bogons (including RFC1918 space)
  • Validate prefixes with RIRs and get LOAs – if the customer does not own the prefix, do not accept it
  • Match BOTH prefix AND AS-Path
  • Drop RPKI invalids
  • Set max-prefixes – if a customer should only be sending you ten prefixes, set a limit of 15 on the session. That way, if they have a route leak, their session will be disabled and will stop you from propagating the leak (see tip three for more information on leaky routes)
  • Use communities – tag valid routes here with an internal community, and propagate to your providers based on the communities

Peering Providers (that’s us) – Ingress:

  • Drop Bogons (including RFC1918 space)
  • Do not trust routes from route servers – we validate, but you MUST validate them too
  • Set max prefix limits on sessions and shut down route servers if it exceeds the max prefix limit (generally 10-20% of total routes)
  • Drop RPKI invalids
  • Set max-prefixes – our numbers are on PeeringDB

Peering Providers – Egress:

  • See Transit Provider Egress
  • Send your internal routes
  • Send your customer routes – send your customer tagged routes based on your internal community
  • Do not use prefix lists alone – you MUST use prefix lists and communities together.

 

Tip Three: Adopt good routing practices

You should always have a consistent route advertisement policy. Don’t send /24s to peering and /22s to transit providers. Unfortunately, this adds junk into the ever-expanding global routing table and is not beneficial in any shape or form.

Our Tech Team Leader predicts that if we *remove* all the redundant specific routes – that is /24s when the same path exists with a /22 or something larger – we can reduce the size of the routing table from 870,317 routes all the way down to 390,074 routes (please note that this is an internal finding and should be taken with a grain of salt).
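To see how much of your own table falls into this category, the sketch below counts more-specific routes whose nearest covering route has the same AS path. It is an added example, not IAA's own tooling or the method behind the figures above; the function names and the sample table (built from the 198.18.0.0/15 benchmarking range and private-use AS numbers) are constructed for illustration.

```python
import ipaddress

# Constructed sample table: (prefix, AS path as seen from the local router).
SAMPLE_TABLE = [
    ("198.18.0.0/22", (64500, 64510)),
    ("198.18.0.0/24", (64500, 64510)),  # same path as the /22: redundant
    ("198.18.1.0/24", (64501, 64510)),  # different path: traffic engineering, keep
    ("198.18.2.0/23", (64500, 64510)),  # same path as the /22: redundant
    ("198.18.2.0/24", (64500, 64510)),  # same path as the /23: redundant
    ("198.19.0.0/24", (64500, 64520)),  # nothing covers it: keep
]


def redundant_specifics(table):
    """Return prefixes whose nearest covering route carries the same AS path.

    Removing such a route does not change forwarding, because traffic falls
    through to the covering route and follows the identical path.
    """
    routes = {ipaddress.ip_network(p): tuple(path) for p, path in table}
    redundant = []
    for net, path in routes.items():
        # Walk up through the possible covering prefixes, nearest first.
        for plen in range(net.prefixlen - 1, -1, -1):
            parent = net.supernet(new_prefix=plen)
            if parent in routes:
                if routes[parent] == path:
                    redundant.append(str(net))
                break  # only the nearest covering route decides forwarding
    return sorted(redundant)


def size_after_cleanup(table):
    """Table size once every redundant more-specific has been withdrawn."""
    return len(table) - len(redundant_specifics(table))


if __name__ == "__main__":
    print(redundant_specifics(SAMPLE_TABLE))
    print(len(SAMPLE_TABLE), "->", size_after_cleanup(SAMPLE_TABLE))
```

A more-specific with a different path from its covering route is left alone, since withdrawing it would change where traffic goes.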

 

 

The best local preference orders are:

  • Preference customer routes – they pay you, so if you have a route from a customer, you should use that first.
  • Preference peering routes – peering is cheap, so offload as much as you can here to reduce your transit bill
  • Preference transits – the *last* resort path, as it’s generally expensive

With everyone following the model above, using /24s on peering and /22s on transits makes no sense, as peering will already be preferred – YOU CAN HELP TO SAVE THE ROUTE TABLES!

 

Tip Four: Use Resource Public Key Infrastructure (RPKI)

If you haven’t already, deploy RPKI. It works through Route Origin Authorisations (ROAs), which authenticate the origin AS number of a route so that the route can be verified. Put simply, it acts as a digital thumbprint.

Validate RPKI at every step. Validate routes from transit, peering, and customers.

  • If RPKI state is INVALID, then drop the route. Do not use it to route any packet – no matter what
  • If RPKI state is VALID, prefer this path over an unknown
  • If RPKI state is UNKNOWN, use this path at a lower preference
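The customer ingress checks from Tip Two and the three RPKI rules above, combined into one filter as an added example (not IAA's configuration or code). The bogon list, ROAs, customer record and local preference values are constructed assumptions; origin validation follows RFC 6811, whose "NotFound" state is what this post calls UNKNOWN.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample data. The bogon list is abbreviated (a live feed would replace
# it) and leaves out the documentation ranges so they can serve as sample routes.
BOGONS = [net(p) for p in ("0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
                           "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
                           "224.0.0.0/3")]
# ROAs as (prefix, maxLength, authorised origin AS).
ROAS = [(net("203.0.113.0/24"), 24, 64500), (net("198.51.100.0/24"), 24, 64501)]
# Hypothetical customer record, as built from RIR checks and LOAs.
CUSTOMER = {"asn": 64500, "origins": {64500}, "max_prefixes": 15,
            "prefixes": {net("203.0.113.0/24"), net("198.51.100.0/24"),
                         net("192.0.2.0/24")}}
LOCAL_PREF = {"VALID": 200, "UNKNOWN": 190}  # assumed values; only the order matters


def rpki_state(prefix, origin_asn):
    """Route origin validation against ROAS, following RFC 6811."""
    covering = [r for r in ROAS
                if r[0].version == prefix.version and prefix.subnet_of(r[0])]
    if not covering:
        return "UNKNOWN"  # no ROA covers this prefix
    if any(asn == origin_asn and prefix.prefixlen <= maxlen
           for _, maxlen, asn in covering):
        return "VALID"
    return "INVALID"  # covered, but wrong origin AS or longer than maxLength


def customer_ingress(prefix_str, as_path, customer=CUSTOMER):
    """Return (accepted, reason, local_pref) for one route from a customer."""
    prefix = net(prefix_str)
    if any(b.version == prefix.version and prefix.overlaps(b) for b in BOGONS):
        return (False, "bogon", None)
    if prefix not in customer["prefixes"]:
        return (False, "prefix not authorised", None)
    # Match the AS path too: first hop is the customer, origin is one it may announce.
    if (not as_path or as_path[0] != customer["asn"]
            or as_path[-1] not in customer["origins"]):
        return (False, "as-path mismatch", None)
    state = rpki_state(prefix, as_path[-1])
    if state == "INVALID":
        return (False, "rpki invalid", None)
    return (True, state, LOCAL_PREF[state])


def process_session(routes, customer=CUSTOMER):
    """Apply max-prefix to the whole session first, then filter each route."""
    if len({p for p, _ in routes}) > customer["max_prefixes"]:
        return "session disabled: max-prefix exceeded"
    return [(p, customer_ingress(p, path, customer)) for p, path in routes]
```

The explicit bogon check runs before the allow-list, so a bogon is rejected as a bogon even if it was mistakenly added to the customer's prefix set.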

The Internet continues to be a place of opportunity, both good and bad, and we need to do our best to reduce our networks’ susceptibility to leaking and hijacking. To instantly reduce some of the vulnerabilities of your network, try following our tips for good BGP hygiene or get in contact to speak with one of our network experts at the Internet Association of Australia Ltd, who are always happy to help.

 

Disclaimer: Before choosing to action any of the tips in this post, please be sure to consult with your organisation’s network and security experts.

IAA submitted to Home Affairs Strengthening Australia’s cyber security regulations and incentives paper. In our submission, we highlighted the complexity of existing cybersecurity legislation, especially for smaller ISPs to navigate. We commented on suggested mechanisms which could promote the uptake of cybersecurity, including minimum standards for personal information and health checks for small businesses. We called on Home Affairs to collaboratively engage with relevant industry stakeholders throughout the process of drafting cybersecurity regulation or processes.

IAA supported the extension of the Wholesale ADSL to 20 June 2024 in our recent submission to the ACCC. We raised the point that, as WADSL continues to be prominent in rural, regional and remote areas, it needs to be provisioned for.

We also expressed our perspective on ACMA’s Statement of Expectations (SoE) for the Telecommunications Industry with regard to vulnerable consumers. We extended our support to the SoE; however, we highlighted that for smaller ISPs, some objectives and examples regarding financial hardship and customer service would be difficult to meet because of resource constraints.

The ACCC published updated Non-Discrimination Guidelines for the telecommunications sector, a process we responded to in June. In the new Guidelines, the ACCC will assess whether NBN Co or access providers have acted in a discriminatory manner by conducting an explicit or implicit discrimination test. A quick summary of how this process will work is available here.

 

This year we launched our IAASysters@AusNOG program. The program is based on the international systers.org and systers@IETF programs and offers ten sponsored attendees the opportunity to participate in both the AusNOG conference and our IAASysters@AusNOG workshop.

We are passionate about cultivating a more inclusive Internet industry and have created the IAASysters@AusNOG program to support and enable women to access the valuable technical content and business networking opportunities that come from the AusNOG conference. 

Sponsored attendees will receive: 

  • Economy airfares to Sydney and three nights’ accommodation for interstate participants 
  • Admission to the AusNOG conference – provided by AusNOG (6-7 April)
  • Admission to the IAASysters@AusNOG workshop (April 5) 
  • A one-year complimentary Professional membership to IAA – subject to Board approval. 

An essential part of our program is the IAASysters@AusNOG workshop. This is a one-day event offering targeted technical and presentation skills training, in addition to a career planning session delivered by industry professionals, designed to help you advance your career.

Whether you are at the beginning of your career, yet to begin or starting again, the IAASysters@AusNOG program offers a variety of opportunities designed to boost your knowledge, skills, and confidence. 

Due to the current Covid-19 situation in New South Wales, the program dates have changed to be in line with the AusNOG conference in December.  

Details for the IAASysters@AusNOG workshop: 

Date: Tuesday, 5 April, 2022
Time: 9:00am AEST – 3:00pm AEST
Location: The Fullerton Hotel, Sydney 

Applications close on Sunday, 31 October 2021, 5:00pm AEDT.

 For more information or to apply, please visit the IAASysters@AusNOG information page on our website. 

Program Sponsors

The IAASysters@AusNOG Program is proudly brought to you with the help of our sponsors.

Associations strive to remain relevant, expand their reach and increase profitability. Those that survive and thrive have embraced principles of good governance. Join the Associations Forum at the WA Association Meeting and hear from Kitty Hibble, Executive Officer at Internet Association Australia (IAA), who will discuss the association’s governance transformation. 

Registrations are free and exclusive to Associations Forum members and not-for-profit organisations and will be open online from Tuesday, October 5, 2021. The registration link will be made available through IAA’s social media channels once registrations have opened. 

Date: Monday, October 25, 2021
Time: 3:00pm – 5:00pm AWST
Location: Pan Pacific Perth, 207 Adelaide Terrace, Perth CBD 

We hope to see you there! 

We are excited to announce that we have put forward a submission to host a roundtable discussion exploring what classifying the Internet as an essential service would entail and its wider implications for digital inclusion, minimum service level requirements and digital infrastructure investment for the upcoming NetThing Forum.   

NetThing is Australia’s Internet Governance Forum, an annual two-day event bringing a diverse multidisciplinary community together for the discussion of policy issues pertaining to the Internet and technology in Australia. An open and inclusive platform, NetThing provides an opportunity to explore relevant topics, hear from a range of perspectives, and mobilise the community to collaborate on solutions.   

This event is set to take place on Thursday 4th and Friday 5th November 2021. It will focus on a metanarrative of ‘Building Bridges’, encompassing NetThing’s desire to span the invisible divide between stakeholder groups and bring them together in a safe and moderated environment. The four themes for this year are health, trust, inclusion and environment.

If this is an event you are interested in, you can register now or see their website for more details.