Tutorial

vPhNOG 2.0 : Securing Internet Routing with RPKI live eTutorial

Start
15:00 - 14 July 2021
End
19:00 - 14 July 2021
Location
Time shown in UTC +10:00

Register now

Synopsis

Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else?

BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanisms to ensure no one can inject false information into the global routing system that easily.

This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Target audience

Anyone interested in understanding the RPKI framework and how it helps secure Internet Routing.

Prerequisites

This tutorial is not an introduction. It is assumed that participants have a working knowledge of:

  • IP Routing (especially BGP)
  • How to use a router command line interface (Cisco IOS configuration syntax).
  • Basic Linux command line (CLI) skills

    Course outline

    • Recent Routing Incidents
    • Current BGP Filtering techniques
    • Resource PKI fundamentals
    • Installation and configuration of RPKI Validators
    • BGP Filtering with ROA (Route Origin Validation)
    • BGPsec and ASPA overview

    Other requirements

    Participants are advised to bring their own laptop computers with high-speed Wi-Fi (802.11a/g/n/ac) and administrative access to system. It is also recommended that laptops have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.

    Software: SSH Client

    Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.routeviews.org. For example from the CLI type: ssh rviews@route-views.routeviews.org