Route Origin Validation (BGP filtering based on ROAs) Tutorial

09:00 - 29 January 2020
17:00 - 29 January 2020
New Zealand
Rydges Latimer

Register now


Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism to ensure no one can inject false information into the global routing system that easily.

This workshop will look at current tools/techniques, how rPKI is just a piece in the puzzle, and what we should to secure the internet routing instead of waiting for an ideal solution that fixes all issues.


This tutorial is being delivered at NZNOG 2020, please visit the event website for full details and to register – http://www.nznog.org/nznog-2020


This workshop is not an introduction – It is assumed that the workshop participants have a working knowledge of an OSPF/IS-IS and BGP fundamentals, along with know how to use a router command line interface.

The lab exercises use Cisco IOS configuration syntax.

Course outline

  • Resource PKI
  • Why and how
  • Origin Validation
  • Creating ROAs
  • Installing setting up validators
  • Configuring routers to filter against ROAs

Other requirements

Hardware: It is highly recommended that participants bring their own laptop computers with Wifi(b/g/n) and administrative access to system to practice the lessons learned during the workshops.

Software: SSH Client, Telnet Client (PuTTy)