Tutorial

PacNOG 29: Securing Internet Routing with RPKI

Start
08:30 - 01 December 2021
End
13:30 - 02 December 2021
Location
Time shown in UTC+10

Register now

Synopsis

Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.

This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

This live eTutorial is being delivered for PacNOG 29, please visit the event website for full details and to register: https://pacnog.org/pacnog29/

Target audience

Anyone interested to understand the RPKI framework and how it helps secure Internet Routing.

Prerequisites

This tutorial is not an introduction. It is assumed that the participants have a working knowledge of:

  • IP Routing (esp BGP)
  • How to use a router command line interface (IOS syntax).
  • Basic Linux command line (CLI) skills.

We recommend the following Academy courses be completed before the start of the tutorial:

Course outline

  • Recent Routing Incidents
  • Current BGP Filtering techniques
  • Resource PKI fundamentals
  • Signing your routing intent (ROAs)
  • Installation/configuration of RPKI Validators
  • BGP Filtering with ROA (Route Origin Validation)
  • Overview of BGPsec and ASPA

Other requirements

Participants are advised to bring their own laptop computers with high-speed Wi-Fi (802.11a/g/n/ac) and administrative access to system.
Software: SSH Client