Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else?
BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanisms to ensure no one can inject false information into the global routing system that easily.
This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.
Anyone interested in understanding the RPKI framework and how it helps secure Internet Routing.
This tutorial is not an introduction. It is assumed that participants have a working knowledge of:
IP Routing (especially BGP)
How to use a router command line interface (Cisco IOS configuration syntax).
Basic Linux command line (CLI) skills
Recent Routing Incidents
Current BGP Filtering techniques
Resource PKI fundamentals
Installation and configuration of RPKI Validators
BGP Filtering with ROA (Route Origin Validation)
BGPsec and ASPA overview
Participants are advised to bring their own laptop computers with high-speed Wi-Fi (802.11a/g/n/ac) and administrative access to system. It is also recommended that laptops have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
Software: SSH Client
Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.routeviews.org. For example from the CLI type: ssh firstname.lastname@example.org