Synopsis
Why are BGP mishaps very common and frighteningly very easy – malicious route hijacking, mis-origination (fat fingers), and route leaks (bad filters). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
This live online tutorial will look at current tools/techniques, how RPKI is just a piece in the puzzle, and what we should all do to secure Internet routing.
Fees
This online tutorial is fee-free.
Target audience
Anyone interested in understanding issues with BGP (Internet routing) security and practising good hygiene, including filtering based on ROAs.
Prerequisites
The lab exercises use Cisco IOS configuration syntax.
Course outline
-
Recent Routing Incidents
-
Current tools/techniques
-
RPKI framework: resource certificates, origin authority, chain of trust
-
Creating ROAs
-
Deploying RPKI validators
-
RTR configuration on routers
-
Filtering with ROAs (Route Origin Validation)
-
Path Validation – why and how?
Other requirements
Hardware: It is highly recommended that participants laptop computers have Wifi(b/g/n) and administrative access to system to practice the lessons learned during the workshops.
Software requirements: SSH Client, Telnet Client (PuTTy)
Please note
This is a 2-part tutorial:
Wednesday 27 May – theory session
Thursday 28 May – lab session (note: you must attend the theory session to attend this session / there will be a limit on the number of attendees for this lab session)
Day 2 / 28 May – Registration URL: Register for day 2/part 2
Please note: so we can deliver the hands-on exercises effectively there are a limited number of places available for day two of this tutorial (28 May).
Please check the time zone and only register if you are able to attend.
If you register and are unable to attend please let us know as early as possible.
Local Contact
Email: training@apnic.net