BGP Operations & Security Best Practices
Dates: 4 & 8 December 2020
Location: Online
Target Audience
- Technical staff who are now building or operating a service provider network with international and/or multi-provider connectivity, or considering participation at an Internet Exchange point.
Synopsis
- Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism to ensure no one can inject false information into the global routing system that easily.
- This workshop will look at current tools/techniques, how rPKI is just a piece in the puzzle, and what we should to secure the internet routing instead of waiting for an ideal solution that fixes all issues.
Pre-requisites
- It is assumed that the workshop participants have a working knowledge of an OSPF/IS-IS and BGP fundamentals, along with know how to use a router command line interface.
- This workshop is not an introduction. The lab exercises use Cisco IOS configuration syntax.
- Recommended Pre-req Course APNIC Academy Routing Basics
- Recommended Pre-req Course APNIC Academy Deploying BGP (cisco)
Other Requirements
- Hardware: Participants are advised to bring their own laptop computers with administrative access.
- Software: SSH Client, Telnet Client (PuTTy)
- Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.routeviews.org. For example from the CLI type: ssh rviews@route-views.routeviews.org
Workshop topics
- BGP Operations and Security best practices
- BGP Filtering techniques
- Resource PKI fundamentals
- BGP Filtering with ROA (Route Origin Validation)
Workshop Items
- Agenda (includes links to presentations and schedule)
- Instructors: Tashi Phuntsho (APNIC) | David Phelan (APNIC)