Achieving the goal of stabler, more reliable IP transit

Achieving the goal of stabler, more reliable IP transit

Liberty Global Antoin Verschuren.jpg
Antoin Verschuren

Liberty Global's Antoin Verschuren says ensuring a secure network requires robust tools and monitoring.

With demand for international bandwidth reaching almost 1,000Tbps last year, it’s clear how crucial a part IP transit plays in the world of today. That means carriers need to invest in new infrastructure to meet those needs.

Such deployments mean new opportunities, yet at the same time carry risks. “The biggest challenge in the industry at the moment is to retain a stable and reliable network at a growing scale,” says Antoin Verschuren, senior manager for network security at Liberty Global.

As just one example of network threats, the world saw an 800% rise in DDoS attacks between the first quarters of 2013 and 2022, reaching 13 million for the whole of 2022.

Those that can manage threats effectively and keep their network dependably running have a real chance to gain a competitive advantage by ensuring trust. “Everybody needs to realise it’s their responsibility to implement the latest security and provisioning processes,” says Verschuren.

“Over the past decades, security has often been seen as a cost, and the administrative processes involved as boring and non-innovative. But I want to challenge that mentality because implementing network security immediately brings you a lower cost by avoiding incidents and reducing traffic. Customers are also willing to pay a little bit extra for a reliable network.”

International IP

As a tier-one provider, Liberty Global’s own IP transit services support more than 13 million broadband connections in Europe and offer speeds of up to 100Gbps, while the company has points of presence in major international data centres in the region and in the US. It has private peering relationships with all the major autonomous system numbers to which it is directly connected, helping ensure the shortest, fastest traffic routes.

The company’s service, meanwhile, has a 99.95% availability rate, reflecting the priority it places on preventing network disruptions, with Liberty Global seeing security as a key differentiator on its IP transit network. “As a tier-one network, we’re at the top of the hierarchy, so we feel we have a responsibility to protect the network,” says Verschuren.

He highlights how the company has put itself at the forefront of adopting the latest frameworks for secure routing, such as MANRS (Mutually Agreed Norms for Routing Security) and RPKI (Resource Public Key Infrastructure). As Verschuren explains, proven methods like RPKI not only protect against hijacks of the Border Gateway Protocol – the internet’s routing protocol – but also against configuration errors, which he points out make up the vast majority of routing mistakes.

Other measures that Liberty Global uses include source address validation for protection at the network edge, and auto-detection and mitigation functions for DDoS attacks. The company’s MANRS compliance also ensures that peering and customer networks cannot accidentally participate in DDoS attacks using spoofed IP addresses or attract traffic that shouldn’t come to their network. “We have the scale to offer large-scale DDoS protection services,” says Verschuren. “You need a big network and a lot of capacity to do this.”

Keeping watch

He adds that keeping the network clean requires continuous monitoring and administration, tedious as it may seem. Doing that, and getting to know the network topology inside out in the process, helps with taking swift, decisive action in the event of an incident. “Administration is so important to get to know your network so you know where you can implement mitigations,” says Verschuren.

One key to better overall IP security is to convince companies that buy services why it’s so crucial – something Verschuren says is increasingly understood, but that there can be a lack of experience and prioritisation in adjusting processes. “If they cannot do it, we’re happy to help them,” he says.

While having a secure network is a competitive advantage, it also requires collaboration to make overall infrastructure stabler for the benefit of everyone. “Working in the internet industry is always about cooperating with peers because you cannot do anything on your own,” says Verschuren. “That’s why we’re involved in organisations and initiatives like the Internet Engineering Task Force and MANRS.”

If robust individual measures can be combined effectively with such collaborative industry approaches, it will mean a safer, better-running global IP transit market for all.

Gift this article