noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Norman Y. Mineta San José[...]

Bay FC and San José Mineta International (SJC) Airport Unveil New Bay[...]
City of Los Angeles, CA

DAY ONE RECAP: Mayor Bass Arrives in Paris as Part of White House[...]
Mitt Romney

Romney, Murphy Unveil Bill to Keep Smartphones Out of the Classroom

Technology

APNIC Pty Ltd.

26/07/2024 | Press release | Distributed by Public on 25/07/2024 23:42

Telekom Malaysia lights up RPKI statistics

Adapted from Moritz Kindler's original at Unsplash.

In an earlier post, I explained Telekom Malaysia's (TM) (ASN4788) RPKI journey and goal in detail. To briefly recap, TM was founded in 1984 and has since become Malaysia's (MY's) largest provider of various telecommunications services. In recent years, we recognized the importance of RPKI and Route Origin Authorization (ROA) as a preventative measure against security issues.

TM's journey began by installing RPKI validators in their BGP systems and updating ROAs. The initiative required engagement with higher management and careful planning, including a lab setup to test and validate configurations. We overcame the challenges of updating node versions, choosing the right validators, and handling issues with older vendor software.

After successful lab tests, TM deployed RPKI in production, starting with a pilot phase. Learning from the pilot, we standardized configuration parameters across vendors and carefully monitored invalid routes to minimize unintended traffic drops.

The deployment process included extensive communication with upstream and peering partners and despite some initial delays, by November 2023 TM was dropping invalids.

Fast forward to June 2024 and across all peering and upstream connections worldwide, the result of this effort is a 'Greener MY' (in terms of statistics, that is). Before execution, data from APNIC Labs indicated that the I-ROV filtering rate in Malaysia remained at a stagnant linear percentage.

However, after TM completed dropping the invalid routes, that percentage significantly increased to around 25%. This marks a substantial growth, changing the indicator for Malaysia from amber to green, as Tables 1 and 2, and Figures 1 and 2 show.

All the planning, validation, and execution efforts by the team were entirely worth it. It was never about being the first or the biggest from the beginning; it was about protecting our customers from route hijacking and contributing to a cleaner Internet ecosystem.

We've done it and will continue to improve to ensure everything remains secure and in place.

I'd like to once again emphasize the importance of seeking help and collaboration in such projects. Deploying and dropping invalid routes isn't difficult with the technical expertise of APNIC and the support of vendors and partners.

Muzamer Mohd Azalan is currently attached to the Core IP Development team in Telekom Malaysia. He has 14 years of working experience in Network Operations and Development teams. His interests are in routing protocols, routing security, and SDN. Muzamer also volunteers as an APNIC Community Trainer.

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format