This document discusses strengthening internet infrastructure in the Philippines. It begins by noting the growth in ASN holders in the Philippines from 2014 to 2018. It then discusses changes to the internet infrastructure, such as the shift from a centralized transit model to a more distributed peering model. The rest of the document focuses on ways to improve network capabilities, such as improving traffic management, interconnection, protocol usage, and security. It also discusses improving the capabilities of individuals, teams, and communities who work on internet infrastructure. The document provides recommendations in each of these areas and lists additional resources for further information.

1. Issue Date:
Revision:
Strengthening Internet infrastructure
in the Philippines
PHNOG, Davao City, 4 July 2018
Sanjaya
Deputy Director General - APNIC

2. Before we start
• Who's here?
Telco
ISP / cable TV
Data centre / cloud
University / research
Corporate
Platform provider (Google / Facebook / Microsoft, Alibaba etc.)
2

3. Four years ago (2014)
• Celebrating Philippine's 20-year Internet anniversary
• Spoke about the same topic of strengthening Philippine's Internet
Focused on the quantity of network nodes
• ASN holders in Philippines have grown by around 50% since
3

4. ASN holders in Philippines
• 300 ASNs managed by 153 organizations • 416 ASNs managed by 230 organizations
823
358331
300
227
178
55
INDONESIA
THAILAND
SINGAPORE
PHILIPPINES
VIETNAM
as of 31 Mar 2014
1350
529
487
416
368
243
886826 INDONESIA
THAILAND
SINGAPORE
PHILIPPINES
VIETNAM
MALAYSIA
CAMBODIA
MYANMAR
LAO
as of 30 Jun 2018
4

5. Visible on the routing table
5

6. 6

7. 7

8. This time let’s focus
on quality
8

9. Overview
• Internet infrastructure
Definition
Changes to the Internet infrastructure
• Improving network capabilities
Traffic management
Interconnection
Protocols
Security
• Improving people capabilities
Individual
Team
Community
9

10. Internet infrastructure
• In this presentation, Internet infrastructure means layer 3 and below
The Open Systems Interconnection (OSI) model
Layer 3
and
below
10

11. Changes to the Internet infrastructure
• From Geoff Huston's (APNIC Chief Scientist) presentation at APRICOT
2017 titled 'The Death of Transit'
11

12. 12

13. 13

14. 14

15. 15

16. 16

17. 17

18. 18

19. 19

20. 20

21. Strengthening Internet infrastructure
• Given the changing architecture of the Internet, what does it take to
strengthen its infrastructure (layer 3 and below)
• How can we build and operate a fast, reliable, and secure infrastructure
that meets the 'upper layers' needs?
21

22. Improving network capabilities
• Traffic management
• Interconnection
• Protocols
• Security
22

23. Traffic management
• Monitor
Flow direction and timing
Load pattern (Continuous vs diurnal vs unpredictable)
Symmetric vs Asymmetric
Synchronous vs Asynchronous
• Control
Bandwidth provisioning that matches application's need
Dynamically adjust as pattern change
• Tools
Use a mix of commercial and open source software that fits your budget
23

24. Interconnection
• External
Choice of upstreams (yes, it's OK to connect to multiple upstreams)
Peering
 Direct interconnect or through IXP
 Bilateral or multilateral
• Internal
Network topology design
 To support your specific traffic profile
 To provide internal path redundancy
24

25. Protocols
• Can you survive with the limited number of IPv4?
Should you consider IPv6?
• What routing protocols to use?
External: BGP or static routing?
Internal: OSPF or ISIS or RIPv2 or EIGRP
• New protocols to be aware of
QUIC (it's like TCP+TLS+HTTP/2 implemented on UDP)
TCP BBR for congestion control
25

26. Security
• In today's condition, never treat security as an afterthought
• Routing: Follow IETF's BCP38 (Network Ingress Filtering) and MANRS
(Mutually Agreed Norms for Routing Security) currently promoted by
ISOC
• Firewalls: Watch and block malicious traffic at the borders
• Intrusion and malware detection: Observe internal traffic from/to every
device (or use tools such as Darktrace and FireEye) and escalate any
anomalies found
• Regular off-line backups to ensure recovery from untainted source
26

27. Improving people capabilities
• Individual
• Team
• Community
27

28. Individual
• Train regularly
Train at least two people for every skill set
Vendor certifications
Practical operational skills
• Specialization
Avoid investing in specialised skills that can be automated in the future
Train to become a 'polymath' (a person whose expertise spans a significant
number of different subject areas)
• Programming/automation skill is key in operating a network
Know how to write, test and deploy code, or
Know how to specify and get it written, tested and deployed
28

29. Team
• Segregate operations from development team for improved stability
Rotate roles if possible to spread experience across all team members
• Establish an incident response team
Follow best practices in managing security incidents
• Adopt standard practices such as ITSM/ITIL, ISO 27001 etc that suits
your organization
Source: NIST Computer Security Incident Handling Guide
29

30. Community
• PHNOG!
Share operational experience; learn new things
• Security
DICT National Cybersecurity Plan 2022: Build CERT capabilities at every level
and sectors (National, Govt, Military, Corporation, etc.)
• Policy and Governance
Take part at policy discussions in the region and globally
 Ensure that local situation and needs are considered
Policies and regulations are best if discussed in a bottom-up fashion involving
multiple stakeholders
30

31. Resources
• https://www.apnic.net
/ipv6 - Information about IPv6 and deployment case studies
/security - Learn more about APNIC security related works
/training - Training curriculum and schedule
/policy - Latest policy documents on Internet numbers (ASN & IP address)
/blog - Lots of useful articles for network operators
/vizas - AS interconnections visible on the global routing table (by economy)
/helpdesk - We're here to help!
31