Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
This two-part tutorial will look at current tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.
This online tutorial is fee-free.
Anyone interested in understanding issues with securing the internet routing system and the use of filtering tools/techniques including filtering using ROAs.
This workshop is not an introduction – It is assumed that the workshop participants have a working knowledge of IP routing, along with know how to use a router command line interface.The lab exercises use Cisco IOS configuration syntax.
It is recommended that these APNIC Academy online courses are completed before the start of the tutorial:
- Routing Basics: https://academy.apnic.net/en/course/routing-basics/
- Deploying BGP (Cisco IOS) virtual lab: https://academy.apnic.net/en/virtual-labs/
Intro to RPKI
Route Origin Validation
Deploying RPKI validators
RTR configuration on routers
Defining BGP policies to act on validation states
Hardware: It is highly recommended that participants bring their own laptop computers for lab work.
Software: SSH Client, Telnet Client
Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.oregon-ix.net. For example from the CLI type: ssh firstname.lastname@example.org
This is a 2-part tutorial, to be delivered 1.00pm-4.30pm (UTC +10:00) on 14 and 15 January.
Please check the time zone for your location.
Please note: so we can deliver the hands-on exercises effectively there are a limited number of places available.