ipv6rpki-20220328-online


Dates: 28-29 March 2022
Location: Workshop

Target Audience

  • This training is delivered in Mandarin
  • Both Entry and/or mid level technical staff of ISP, network operators or enterprise, who are involved in day-to-day network operation and planning function.
  • Anyone interested to understand the RPKI framework and how it helps secure Internet Routing.

Synopsis

Day 1 IPv6

  • This technical workshop is made up of lectures and hands-on lab exercise to teach the concept of IPv6 protocol architecture, its addressing structure, design issues when planning for IPv6 deployment focusing on IP core network. It discusses network infrastructure design principles for dual stack deployment, OSPFv3, MP-BGP, transition technologies etc. Also presented for understanding and to encourage best practice knowledge.
  • This technical workshop includes considerable practical work based on IPv6 and Cisco IOS router configuration commands.

Day 2 RPKI

  • Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
  • The RPKI part will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Pre-requisites

Day 1 IPv6

  • It is assumed that participants have a basic understanding of network operations, Internet technologies, OSI reference model, TCP/IP and familiar with router operating system software (i.e Cisco IOS etc).

Day 2 RPKI

For those who manage IP resources for your organisations (technical or corporate contacts), please do come with MFA (OTP) enabled for your MyAPNIC account, as well as ensure you have permission from your Corporate Contacts to certifiy your resources - let us create ROAs for your prefixes!

This workshop is not an introduction. It is assumed that the participants have a working knowledge of:

  • IP Routing (esp BGP)
  • How to use a router command line interface (IOS syntax).
  • Basic Linux command line (CLI) skills.

We recommend the following Academy courses be completed before the start of the tutorial:

Other requirements

  • Hardware: It is highly recommended that participants bring their own laptop computers with WiFi (b/g/n) and a pre-installed desktop virtualization tool like VirtualBox or VMware on their machines. It is also recommended that laptops have an Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
  • Software: SSH/Telnet Client, VirtualBox/VMware

Workshop topics

Day 1 IPv6

  • IPv6 Protocol architecture and standards
  • IPv6 Enhancements to Routing Protocols
  • IPv6 addressing and address planning
  • IPv6 deployment planning
  • IPv6 security issues

Day 2 RPKI

  • Recent Routing Incidents
  • Current BGP Filtering techniques
  • Resource PKI fundamentals
  • Signing your routing intent (ROAs)
  • Installation/configuration of RPKI Validators
  • BGP Filtering with ROA (Route Origin Validation)
  • Overview of BGPsec and ASPA

Workshop Items

  • Agenda (includes links to presentations and schedule)
  • Trainers: Jessica Wei (APNIC) Zhang Huan (CNNIC)
  • ipv6rpki-20220328-online.txt
  • Last modified: 2022/03/08 05:13
  • by kenrick