Internet Safety

Our ideal is realize the safe Internet. We think that any network operators has a responsibility to improve the problems of the Internet. Therefore the following measures were implemented in our network.

1. Antispoofing

We have implemented Ingress Filtering by uRPF based on BCP38(RFC2827) and BCP84(RFC3704). It is enforced to any users of Experimental Connectivity Services.

• Single homed customer : uRPF strict mode policy
• Multi homed customer : uRPF loose mode policy

2. Filtering

For transit or private peer connection, we have implemented route filters for both directions which recommended in extension of the JANOG comment 1000/1006.

JANOG Comment (japanease only)： https://www.janog.gr.jp/doc/janog-comment/

For customer peer connection, we have implemented Prefix and AS-Path based route filter for inbound routes.

3. Database registration

We maintain IRR objects in timely manner.
The route objects and as-set object(AS-HOMENOC) is registered in RADB and JPIRR.

We requires IRR registration if customers wants to use their PI addresses. We checks IRR records periodically to avoid unfair use.

We also maintain whois records in timely manner.

4. RPKI

We have registered ROA objects to RPKI systems which provided by JPNIC.

• Registered ROA objects
  • 2403:bd80::/32-48 (AS59105)
  • 103.48.31.0/24 (AS59105)
  • 103.202.216.0./23-24 (AS59105)
  • 103.247.181.0/24 (AS59105)
  • 202.226.4.0/22-24 (AS59105)

We have built two ROA cache servers in West Japan and Eastern Japan, and refer to them in our backbone router via RPKI-RTR (RPKI to Router Protocol). When router founds any routes which invalidated in Route origin validation process, the routes will be deleted from backbone router.

5. MANRS

We participate in MANRS, an activity aimed at ensuring the security of BGP routing, which the ISOC (Internet Society) aims to spread worldwide.

https://www.manrs.org/isps/participants/entry/679/