The African Peering and Interconnection Forum addresses the key interconnection, peering, and traffic exchange opportunities and challenges on the continent and provides participants with global and regional insights for maximising opportunities that will help grow Internet infrastructure and services in Africa. The session of 2019 took place at the Intercontinental Hotel at Balaclava in Mauritius.
Day 1 - Tuesday
Unfortunately, a lot of members of CyberStorm.mu couldn’t attend the first day due to various reasons. I was really looking forward to going to the event and meeting interesting people. Me, Nathan, Didier and Nishant reached the Intercontinental Hotel at around 12 30. After taking a cafe, we went for lunch. The food was great and I ate so much that I couldn’t ingest more at night, later that day. Then, me and Nathan followed conferences led by various entities in Mauritius who tried to convince organisations and societies present to make links with them. They were talking about the GDP and population of islands in the Indian Ocean while contrasting with the benefits our country provided. We again had a coffee break after which we assisted to another conference about policies. Of course, during our whole journey there, Me and Nathan picked up goodies from the many organisations present. We had got a ton of brochures, shirts, pens, a pair of wireless earphones and various other misc stuff at the end of the day.
Day 2 - Wednesday
I woke up early and met with other members of the CyberStorm.mu team. There were Logan, Jeremie, Kifah, Nathan, Muzaffar, Codarren, Didier, Nishant and myself present. We had breakfast with members of the Internet Society while talking about IETF and lightly discussing about all the progress made in this sector.
After walking around and talking to other individuals, we assisted to conferences about internet standards and technologies being used, one of which was led by Logan from AFRINIC. After having lunch, we further attended some more conferences until we had to head back home.
Unfortunately, none of us could attend on Day 3. Overall, it was a fun and enriching experience even if most of us didn’t understand much in some conferences. It was awesome meeting new people, the food was excellent and the goodies were really much more than what we expected them to be.
Meeting with the Director of Network Engineering of Cloudflare
I was really looking forward to meeting Jerome Fleury of Cloudflare from 13 00 to 15 00 at the Voila Hotel at Bagatelle. I met friends and members of CyberStorm.mu. Jerome briefly talked about how security was overlooked and wasn’t a primary consideration on the internet years ago initially before introducing us to the Border Gateway Protocol (BGP) which is basically a routing protocol used to transfer data and information between different host gateways, the Internet or autonomous systems.
He then gave examples of major BGP leaks which occured over the past couple of years. Essentially, a BGP leak is the redirection of traffic through an unintended path, which, in the context of the current discussion, may result in an overload. These major BGP leaks were mostly result of misconfigurations.
The example of the recent BGP leak involving Verizon was heavily used for further explanations. In few lines, an Internet Service Provider, DQE Communications was using a BGP optimizer, which meant that they had more specific routes to their destination. These specific routes were announced to their customer, Allegheny Technologies Inc, this information further being sent to a transit provider, Verizon, which is also a Tier 1 internet provider. These specific routes shouldn’t be forwarded to the rest of the Internet. Unfortunately, due to Verizon’s lack of filtering, Verizon, Allegheny, and DQE suddenly had to deal with a drastic increase in traffic. These networks weren’t suitably equipped to deal with all this traffic. This rendered many services online inaccessible and a noticeable difference in speed.
Further more, Jerome talked about easy solutions that can be implemented to prevent BGP leaks. This includes adopting peer locking mechanisms which makes Tier 1 internet providers reject routes of other Tier 1 internet providers or setting up RPKI, which is a Public Key Infrastructure framework suitable to routage, requiring signed SSL certificates. Other solutions also include configuring routers with MANRS or IRR filtering. A lot of BGP leaks can be easily avoided if all major internet providers did efforts to implement all these solutions. Fortunately, the Verizon BGP leak was resolved by phone calls by the network team at Cloudflare. It was a really interesting and instructive meetup, and it wasn’t so hard grasping what Jerome was talking about.