Embed Size (px)
Citation preview
Issue Date:
Revision:
ASN distribution and interconnection in Indonesia
12 June 2015
1.0
Overview
Introduction to ASN: What is it, how to get it, and why is it important?
2-byte and 4-byte ASN
ASNs in Indonesia: Distribution and Interconnection
AS interconnection: It’s about cost, resiliency and performance
Looking ahead
Introduction to ASN
Routing the Internet
• Every Internet router needs to know the relative location of every destination address on the Internet
• Location information is distributed across the Internet using routing architecture
• The Internet is divided into “clouds” of interconnection called “networks”– Interior routing protocols (OSPF, IS-IS, etc) maintain the internal
connectedness with a network– Exterior routing protocols (BGP) maintain a map of how each of
these networks connect to each other– BGP uses the concept of an Autonomous System Number to
uniquely identify each component network
Routing and ASN
• RFC 1930:– An AS (Autonomous System) is a connected group of one or more IP
prefixes run by one or more network operators that has a SINGLE and CLEARLY DEFINED routing policy.
– An AS has a globally unique number (sometimes referred to as an ASN, or Autonomous System Number) associated with it. This number is used in both the exchange of exterior routing information (between neighbouring AS’s), and as an identifier of the AS itself.
ASN distribution
2-byte and 4-byte ASN
• 2-byte (16 bit ASN)– Range: 0 – 65535– Reserved: 0, 65535– Documentation & Sample Code Use: 64496-64511– Private Use: 64512 – 65534– Public Use: 1 – 64495 (‘23456’ is used for 4-byte transition purposes)
• 4-byte (32 bit ASN)– Range: 0 – 4294967295– Additional Reserved: 65552 – 131071, 4294967295– Additional Doc. & Sample Code Use: 65536 – 65551– Additional Private Use: 4200000000 – 4294967294– Additional Public Use: 131072 – 4199999999
2-byte ASN status
199 remain at IANA (as of 8 June 2015)
http://www.potaroo.net/tools/asn16/
4-byte ASN deployment
• A few issues due to old equipment & network operating systems– Better acceptance now
in all regions
• Can not be used in BGP community attribute– BGP community attribute
is a 32-bit value, the lower 16-bit specifies the ASN
• Otherwise it WORKS JUST FINE
AS interconnection
11
The Internet
• Networks worldwide interconnect to form the Internet. They include ISPs, Internet Exchange Points, Universities, Corporate networks, etc.
• Each dot represents an AS
• There are 47,000+ ASNs currently active in the Internet
peer1.com
Network Interconnection
202.178.112.0/242400:3E00:DD::/48 202.178.112.0/24
2400:3E00:DD::/48
Multi-homed networkMAY have a need for BGP and public ASN
Single-homed networkNo need for public ASN
Why multihome with BGP and use a public ASN?
Good interconnection strategy can lower cost of operation by directing traffic through the most cost effective connections wherever possible
Understanding where your network traffic goes and when possible shortening the path to your main customers/suppliers/partners could result in better overall network experience
Looking further than next hop path diversification allows you to better evaluate interconnection options, which in turn could result in better network resiliency
Cost
Performance
Resilience
Global AS Core
Economy level ASN transit map
Data source
• Routeviews.org– RIBs from routers located in various locations (mostly Internet
Exchanges) around the world (US, Japan, Korea, UK, Australia, Brazil, Singapore, Serbia)
• First week of April 2015 data
• RIBs collected every two hours– This is a snapshot, not live data
• This visualisation tool is a work in progress– APNIC values your feedback
ExplanationTop view Side view
ExplanationTop view Side view
ASNs with more downstreams are displayed closer to the centre
ExplanationTop view Side view
Lowest ASN shown at the top, followed by higher ASNs in a clockwise direction
ExplanationTop view Side view
Darker nodes/path means there are more IP addresses involved in that route
ExplanationTop view Side view
Maximum observed path length
Singapore
Malaysia
Philippines
Thailand
Indonesia530 advertised ASNs
4-byte ASN in Indonesia
4-byte range
4-byte ASN in Indonesia
4-byte ASN in Indonesia
Measurements by the Atlas project
RIPE Atlas employs a global network of probes that measure Internet connectivity and reachability, providing an unprecedented understanding of the state of the Internet in real time
https://atlas.ripe.net/ Need more probes in Indonesia
Domestic/International path
Domestic/International path
AS4796
AS59785
Domestic/International path
AS4796
AS38158
Transit & peering view
• Visibility of private peerings, which can not be seen on the global routing table
Need your help
• More Atlas probes on different ASNs, cities, transit paths, exchanges, etc.
Looking ahead
• As more organisations interconnect with upstreams, downstreams and peers, the number of advertised ASNs will continue to grow
• Opportunities to reduce cost, improve resiliency and performance will be available to those with awareness of this rich network ecosystem
• New technologies such as SDN and network virtualisation will drive innovations and change the way networks are interconnected, so expect to see a more dynamic ecosystem in the future
Things to consider if you operate an ASN
Routing Security
Registration
Aggregation
Routing security
• As more networks interconnect, security and stability risks such as route hijacking, accidental route leakage and other issues can escalate
• Register and maintain your ‘route’ and ‘route6’ objects in the APNIC Whois database– Ensure the import and export attributes accurately reflect your actual
routing policy
• Create your ROA– A ROA or Route Origin Authorization is an attestation of a BGP route
announcement. It attests that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI
ROA
• Create your ROA now in MyAPNIC (or ask IDNIC)
• Benefits– Verify whether an AS is authorized to announce a specific IP prefix– Minimize common routing errors– Prevent most accidental hijacks
• What's contained in a ROA– The AS number you authorize– The prefix that is being originated from it– The most specific prefix (maximum length) that the AS may announce
• Example of what a ROA says in plain language:– "ISP 4 permits AS 65000 to originate a route for the prefix
192.2.200.0/24"http://www.apnic.net/roa
Registration
• With IPv4 address space nearing exhaustion and transfers taking place, it’s really important that everyone keeps the resource registry updated
• Protect your Internet resource registration information– Keep your APNIC Whois data up to date
• IPv4 range (inetnum)• IPv6 range (inet6num)• ASN (autnum)• Admin contact (admin-c)• Technical contact (tech-c)• Incident Response Team contact (irt)
• Help everyone resolve operational issues quickly– Report invalid contacts
Aggregation
• As more routing information entries get added to the global routing table, it’s important that prefix announcements are aggregated whenever possible
• The algorithm used in the report (see next slide) proposes aggregation only when there is a precise match using AS path so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').
http://www.cidr-report.org
43
![JAWDAT NGN IDNOG v1.0 (public)[COPY]](https://img.dokumen.tips/doc/110x75/5577ce94d8b42ae0418b4c1d/jawdat-ngn-idnog-v10-publiccopy.jpg)
