We are excited to announce that Google has joined VIC-IX! With Google being only one hop away across VIC-IX, your customers can now access a wide range of their favourite content through our network.  

It’s always good to have quality content providers joining. If you have any content providers that you would like to see on our IXs, we would love to hear from you!

 

This year, our network change embargo period is from 22nd December 2021 through to 10th January 2022 inclusive. This means that we won’t be provisioning any new services or changing any existing services during this period. Support staff will, of course, be on call to deal with urgent issues or network emergencies should they arise. 

Please remember all orders and change requests need to be received by 10th December, 2021. Log in to the portal now if you need that upgraded or extra port!

We all know about Border Gateway Protocol (BGP). We also know that it’s permissive by nature and that serious problems can happen when routes are leaked or, worse still, hijacked. In previous years, even prominent organisations such as Google, Apple, Facebook, YouTube, and Microsoft have been victims of hijacking, which is a good reminder that we need to actively prevent it.

So, the question remains, how do we protect ourselves and reduce our networks’ vulnerability to leaking and hijacking? Think BGP security!

Although it’s a topic that has been widely discussed for many years, there are a few things you can do to instantly improve BGP security on your network by adopting some of our tips for good BGP hygiene.

 

Tip One: Block bogons

Plain and simple, by definition, bogon prefixes should not exist on the Internet. Bogon routes are bogus. They are routes, advertised mistakenly or on purpose, for IP address ranges that are unassigned or reserved for something else altogether. We should not be receiving or sending packets from them, and if they are collectively blocked, we can protect our networks.

What do people achieve by using this space? SPAM! You can use a prefix that no one owns and spam to your heart’s content. Team Cymru provides a BGP feed that you can use to drop these at your edges automatically.

 

Tip Two: Filter, filter, filter!

Filtering should be applied at every stage, starting with a ‘drop all’ and being specific about what to allow.

Transit Providers – Ingress:

  • Drop Bogons (including RFC1918 space) – DON’T RELY ON A DROP ALL RULE TO CATCH THESE
  • If you are expecting only a default route, DROP EVERYTHING ELSE
  • If you are expecting a full transit feed without default, DROP DEFAULT

Transit Providers – Egress:

  • Send your routes
  • Send your customer routes – send your customer tagged routes based on your internal community
  • Do not use prefix lists alone – you MUST use prefix lists and communities together

Customers – Ingress:

  • Drop Bogons (including RFC1918 space)
  • Validate prefixes with RIRs and get LOAs – if the customer does not own the prefix, do not accept it
  • Match BOTH prefix AND AS-Path
  • Drop RPKI invalids
  • Set max-prefixes – if a customer should only be sending you ten prefixes, set a limit of 15 on the session. That way, if they have a route leak, their session will be disabled and will stop you from propagating the leak (see tip three for more information on leaky routes)
  • Use communities – tag valid routes here with an internal community, and propagate to your providers based on the communities
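
The customer ingress checklist above, modelled in Python as an added example (not IAA's code or a router configuration). The customer AS64500, its prefixes, the community `64496:100` and the abbreviated bogon list are constructed, and RPKI is left out here.

```python
import ipaddress

# Abbreviated bogon list for the example. A production list (or the Team Cymru
# feed) also covers the documentation prefixes used as customer routes below.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
CUSTOMER_TAG = "64496:100"  # hypothetical internal "customer route" community

def new_session():
    """Constructed customer: AS64500, two validated prefixes, limit of 15."""
    return {
        "asn": 64500,
        "prefixes": {ipaddress.ip_network("198.51.100.0/24"),
                     ipaddress.ip_network("203.0.113.0/24")},
        "origins": {64500},
        "max_prefixes": 15,
        "seen": set(),
        "disabled": False,
    }

def customer_import(session, prefix, as_path):
    """Return (verdict, community) for one route received from the customer."""
    net = ipaddress.ip_network(prefix)
    if not session["disabled"]:
        session["seen"].add(net)
        # Max-prefix trips on received prefixes, before any filter runs,
        # so a leak disables the session instead of being filtered quietly.
        session["disabled"] = len(session["seen"]) > session["max_prefixes"]
    if session["disabled"]:
        return ("session-disabled", None)
    if any(net.version == b.version and net.subnet_of(b) for b in BOGONS):
        return ("drop-bogon", None)
    if net not in session["prefixes"]:
        return ("drop-prefix", None)
    # Prefix alone is not enough: the path must start at the customer and
    # originate from an AS the customer is authorised to announce.
    if as_path[0] != session["asn"] or as_path[-1] not in session["origins"]:
        return ("drop-as-path", None)
    return ("accept", CUSTOMER_TAG)
```

Only routes that come back tagged with the internal community are candidates for export to transit and peering, which is what ties the ingress checks to the egress rules.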

 Peering Providers (that’s us) – Ingress:

  • Drop Bogons (including RFC1918 space)
  • Do not trust routes from route servers – we validate, but you MUST validate them too
  • Set max prefix limits on sessions and shut down route server sessions if they exceed the max prefix limit (generally 10-20% of total routes)
  • Drop RPKI invalids
  • Set max-prefixes – our numbers are on PeeringDB

 Peering Providers – Egress:

  • See Transit Provider Egress
  • Send your internal routes
  • Send your customer routes – send your customer tagged routes based on your internal community
  • Do not use prefix lists alone – you MUST use prefix lists and communities together.

 

Tip Three: Adopt good routing practices

You should always have a consistent route advertisement policy. Don’t send /24s to peering and /22s to transit providers. Doing so adds junk to the ever-expanding global routing table and is not beneficial in any shape or form.

Our Tech Team Leader predicts that if we *remove* all the redundant specific routes – that is /24s when the same path exists with a /22 or something larger – we can reduce the size of the routing table from 870,317 routes all the way down to 390,074 routes (please note that this is an internal finding and should be taken with a grain of salt).
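
One way to find such redundant specifics in a table dump, as an added Python example (not the method behind the figures above). The routes and AS numbers are constructed, and a specific counts as redundant only when its nearest covering route carries the same AS path, so withdrawing it would not change forwarding.

```python
import ipaddress

PATH_A = (64500, 64510)
PATH_B = (64501, 64510)

# Constructed table of (prefix, AS path), using benchmarking address space.
ROUTES = [
    ("198.18.0.0/22", PATH_A),
    ("198.18.1.0/24", PATH_A),  # same path as the covering /22
    ("198.18.2.0/24", PATH_B),  # different path, so it still steers traffic
    ("198.18.8.0/24", PATH_A),  # no covering route at all
]

def redundant_specifics(routes):
    """Return prefixes whose nearest covering route has an identical AS path."""
    table = {ipaddress.ip_network(p): tuple(path) for p, path in routes}
    redundant = []
    for net, path in table.items():
        # Walk up one bit at a time to the nearest less-specific in the table.
        for plen in range(net.prefixlen - 1, -1, -1):
            parent_path = table.get(net.supernet(new_prefix=plen))
            if parent_path is not None:
                if parent_path == path:
                    redundant.append(str(net))
                break  # only the nearest covering route decides
    return sorted(redundant)

def table_size_after_cleanup(routes):
    """Route count once every redundant specific is withdrawn."""
    return len(routes) - len(redundant_specifics(routes))
```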

 

 

The best local preference order is:

  • Preference customer routes – they pay you, so if you have a route from a customer, you should use that first.
  • Preference peering routes – peering is cheap, so offload as much as you can here to reduce your transit bill
  • Preference transits – the *last* resort path, as it’s generally expensive

With everyone following the model above, using /24s on peering and /22s on transits makes no sense, as peering will already be preferred – YOU CAN HELP TO SAVE THE ROUTE TABLES!

 

Tip Four: Use Resource Public Key Infrastructure (RPKI)

If you haven’t already, deploy RPKI. It uses Route Origin Authorisations (ROAs), which authenticate the origin AS number of a route, to verify routes. Put simply, a ROA acts as a digital thumbprint.

Validate RPKI at every step. Validate routes from transit, peering, and customers.

  • If RPKI state is INVALID, then drop the route. Do not use it to route any packet – no matter what
  • If RPKI state is VALID, prefer this path over an unknown
  • If RPKI state is UNKNOWN, use this path at a lower preference
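
How a route ends up VALID, INVALID or UNKNOWN, and what the three rules above do with it, as an added Python example following the RFC 6811 origin validation procedure (not IAA's code). The ROAs, AS numbers and local preference values are constructed.

```python
import ipaddress

# Constructed ROAs: (prefix, max length, authorised origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
]

def rpki_state(prefix, origin_as, roas=ROAS):
    """Classify a route against the ROA set."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA speaks for this address space
        # AS0 in a ROA means "never route this", so it can never match.
        if roa_as != 0 and origin_as == roa_as and net.prefixlen <= max_len:
            return "VALID"
    # Covered but unmatched (wrong origin or too specific) is INVALID;
    # no covering ROA at all is UNKNOWN.
    return "INVALID" if covered else "UNKNOWN"

def import_route(prefix, origin_as, base_pref=100):
    """Apply the policy: drop INVALID, prefer VALID over UNKNOWN."""
    state = rpki_state(prefix, origin_as)
    if state == "INVALID":
        return None  # never installed, whichever session it arrived on
    bonus = 10 if state == "VALID" else 0  # assumed preference step
    return {"prefix": prefix, "origin": origin_as,
            "rpki": state, "local_pref": base_pref + bonus}
```

A more-specific announcement from the authorised AS is still INVALID when it is longer than the ROA's max length, which is why max length should be set no looser than what is actually announced.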

The Internet continues to be a place of opportunity, both good and bad, and we need to do our best to reduce our networks’ susceptibility to leaking and hijacking. To instantly reduce some of the vulnerabilities of your network, try following our tips for good BGP hygiene or get in contact to speak with one of our network experts at the Internet Association of Australia Ltd, who are always happy to help.

 

Disclaimer: Before choosing to action any of the tips in this post, please be sure to consult with your organisation’s network and security experts.

We are pleased to announce the purchase of 35 Nodegrid Gate Services Routers and two Net Service Routers that will improve our network management and infrastructure. These new pieces of hardware will be used for both in-band and out-of-band services, with one device located in each point-of-presence (PoP) on our network.  

These routers provide peace of mind in the unlikely event that equipment breaks down by ensuring engineers can gain access to broken devices. The new ZPE Systems hardware will also contain both Telstra and Optus SIM cards to ensure redundancy and continuous coverage.  

In future, we will also be able to create data centre latency maps available on Grafana and, later, the members portal. 

At long last we have migrated off the BDX8. When Covid prevented the road trip to Melbourne the team had planned, it was down to crossing our fingers and hoping Delta could be stopped. After 6? 8? 10? weeks of lockdown and countless error messages, the decision was made to pull the proverbial plug, and engage remote hands.  

Aaron has apparently compiled the best set of work instructions ever, and our remote smart hands followed the bouncing ball all the way through to the end. The BDX8 is no longer at the heart of VIC-IX; however, it continues to have three 1Gbps users.   

A special thanks to Aaron for a great job, our remote hands for your assistance over the distance, Nick for the late-night supervision, and to Washif for the checking.  

Brilliant effort, team. A huge well done. 

This morning, members received an email regarding a configuration issue with Netflix caches. The issue was recently identified and has since been resolved. As a result, members will need to complete the following process to access these caches: 

1. Create an AS-SET that lists your residential customers or provide the information to our team. 

2. Tag BGP advertisements to route-servers with the following communities, based on peering location. 

  • 10084:2504 WA OCA Opt-In 
  • 10084:2514 VIC OCA Opt-In 
  • 10084:2524 QLD OCA Opt-In 
  • 10084:2544 NSW OCA Opt-In 
  • 10084:2534 SA OCA Opt-In 

If you require any further information or assistance, please do not hesitate to contact our team at support@internet.asn.au or call us on 1300 793 320. 

During the month of August, both IAA and New Zealand Internet Exchange (NZIX) hit new records across their exchanges. With half of Australia in lockdown, we hit a new record of 790Gbps over the weekend ending Sunday, August 22, 2021, breaking our previous record of 750Gbps.

In comparison, as lockdown commenced across the ditch, so too did the spikes in traffic across AKL-IX and CHC-IX, with Auckland reaching an all-time high of 341Gbps with plenty of room to spare. The peaks continued across the remainder of the week finishing off with a Friday afternoon high of 335Gbps.

Primus DC, located at 55 King Street, Melbourne, is closing, and we have been advised that we need to vacate the premises by 30 September 2021. Unfortunately, this means members with ports within the data centre will be affected as we will no longer be offering services from this facility after that date.

Rest assured that we are working hard to ensure service continuity despite the closure and request that members with a current service at 55 King Street migrate to any of our other sites on VIC-IX. All location options can be found on our website. Hopefully, you’ve already seen the relocation of the route server from that site, and a shorter ring transit time with our rearrangements already completed.

If you require any further information or assistance with your migration, please get in touch at peering@internet.asn.au. Time is running out!

IAA has been notified of the upcoming closure of Primus DC, located at 55 King Street, Melbourne.

Vocus has advised us that we need to vacate the premises by 30 September 2021. Unfortunately, this means members with ports within the data centre will be affected as IAA will no longer be able to offer services from this facility after that date.

Rest assured that we are working hard to ensure service continuity despite the closure and request that members with a current service at 55 King Street migrate to any of our other sites on VIC-IX. All location options can be found on our website.

If you require any further information or assistance with your migration, please get in touch at peering@internet.asn.au.