Live online: Securing Internet Routing – part 1 – theory

Synopsis

Why are BGP mishaps very common and frighteningly very easy – malicious route hijacking, mis-origination (fat fingers), and route leaks (bad filters). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.

This live online tutorial will look at current tools/techniques, how RPKI is just a piece in the puzzle, and what we should all do to secure Internet routing.

Fees

This online tutorial is fee-free.

Target audience

Anyone interested in understanding issues with BGP (Internet routing) security and practising good hygiene, including filtering based on ROAs.

Prerequisites

This workshop is not an introduction – It is assumed that the workshop participants have a working knowledge IP routing, along with know how to use a router command line interface.

The lab exercises use Cisco IOS configuration syntax.

Course outline

Recent Routing Incidents
Current tools/techniques
RPKI framework: resource certificates, origin authority, chain of trust
Creating ROAs
Deploying RPKI validators
RTR configuration on routers
Filtering with ROAs (Route Origin Validation)
Path Validation – why and how?

Other requirements

Hardware: It is highly recommended that participants laptop computers have Wifi(b/g/n) and administrative access to system to practice the lessons learned during the workshops.

Software requirements: SSH Client, Telnet Client (PuTTy)

Please note

This is a 2-part tutorial:

Wednesday 27 May – theory session

Thursday 28 May – lab session (note: you must attend the theory session to attend this session / there will be a limit on the number of attendees for this lab session)

Day 2 / 28 May – Registration URL: Register for day 2/part 2

Please note: so we can deliver the hands-on exercises effectively there are a limited number of places available for day two of this tutorial (28 May).

Please check the time zone and only register if you are able to attend.

If you register and are unable to attend please let us know as early as possible.

Local Contact

APNIC Training
Email: training@apnic.net

Course materials

View resources for this course

Trainers

Warren Finch – Senior Network Analyst / Technical Trainer

Warren is an experienced consultant and trainer with a demonstrated history of working in the information technology and services industry. Skilled in Windows, Cisco IOS, Virtualisation, Technical Support, and User Training.

Warren has been involved in the IT industry since studying microcomputers in 1994. He was employed as a System Administrator for TAFE NSW in Australia, then worked as a consultant installing and supporting computer systems in Hotels around the Asia Pacific region. The last 3 years he has worked for a managed service provider as a Senior Consultant, doing end to end support and upgrades for all components of the network/systems. In the beginning of 2018, he worked on a 4 month contract as an Instructor in Shanghai, China delivering the Cisco CCNA and CCNA security courses.

Tashi Phuntsho – Senior Network Analyst / Training Delivery Manager

Tashi has experience in IP and transmission network design, operation, and maintenance having worked as a transmission engineer and IP core network engineer for more than a decade. He has been involved in capacity development in the APNIC community by providing technical assistance and training in number of technical areas such as Routing & Switching, Network Architecture, IXP design and deployment, Network Security, IPv6 deployment, DNSSEC, and so on.

Tashi completed his undergraduate studies in Electrical and Electronics engineering from India, complemented by research studies in Japan and postgraduate studies in Network Systems from Australia.

Areas of Interest:

BGP, IS-IS/OSPF, IPv6, Securing Internet Routing (RPSL, RPKI, BGPsec), Network Security, DNS/DNSSEC, DWDM, SDH/SONET, SDN, Blockchain.

Muhammad Yasir Shamim – Network Analyst/Technical Trainer

Yasir joined APNIC after working as a Lead NOC specialist for an Internet Service Provider in Pakistan. He has more than a decade’s experience in Routing & Switching with skills in IP/MPLS and BGP, Metro Ethernet, GPON, Satellite Point to Point and Multipoint & RF. He completed his BS Electronics Engineering in Network and Telecommunication and ME in Telecommunication from Pakistan.

His areas of interest include IPv6, Network Automation, Internet Routing Security RPKI and SDN. He actively volunteers his time as a Program Committee member for SANOG and was involved in setting up the first local IXP in Karachi, Pakistan.