ipv6rpki-20220517-online

Dates: 17-18 May 2022
Location: Workshop

Target Audience

  • Both Entry and/or mid level technical staff of ISP, network operators or enterprise, who are involved in day-to-day network operation and planning function.
  • Anyone interested to understand the RPKI framework and how it helps secure Internet Routing.

Synopsis

Day 1 IPv6

  • This technical workshop is made up of lectures and hands-on lab exercise to teach the concept of IPv6 protocol architecture, its addressing structure, design issues when planning for IPv6 deployment focusing on IP core network. It discusses network infrastructure design principles for dual stack deployment, OSPFv3, MP-BGP, transition technologies etc. Also presented for understanding and to encourage best practice knowledge.
  • This technical workshop includes considerable practical work based on IPv6 and Cisco IOS router configuration commands.

Day 2 RPKI

  • Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
  • The RPKI part will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Pre-requisites

Day 1 IPv6

  • It is assumed that participants have a basic understanding of network operations, Internet technologies, OSI reference model, TCP/IP and familiar with router operating system software (i.e Cisco IOS etc).

Day 2 RPKI

For those who manage IP resources for your organisations (technical or corporate contacts), please do come with MFA (OTP) enabled for your MyAPNIC account, as well as ensure you have permission from your Corporate Contacts to certifiy your resources - let us create ROAs for your prefixes!

This workshop is not an introduction. It is assumed that the participants have a working knowledge of:

  • IP Routing (esp BGP)
  • How to use a router command line interface (IOS syntax).
  • Basic Linux command line (CLI) skills.

We recommend the following Academy courses be completed before the start of the tutorial:

Other requirements

  • Online - Participants are advised to bring their own laptop or desktop computers with high-speed internet access and administrative access to system. It is also recommended that computers have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
  • Face to face - Participants are advised to bring their own laptop computers with high-speed Wi-Fi (802.11a/g/n/ac) and administrative access to system. It is also recommended that laptops have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
  • Software: SSH Client, Telnet Client, VirtualBox/VMware
  • Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure? Test ssh connectivity, try to connect to route-views.routeviews.org. For example from the CLI type: ssh [email protected]
  • Attendees must have an APNIC Academy login account. If you don't have one already, you can create an account for free at https://academy.apnic.net/
  • Please test the speed of your Internet connection to the servers where the Virtual Machines (VMs) are hosted at the Learn on Demand data centres, using the speed test tool at https://www.learnondemandsystems.com/speedtest/

Workshop topics

Day 1 IPv6

  • IPv6 Protocol architecture and standards
  • IPv6 address structure
  • IPv6 Security and Discussion

Day 2 RPKI

  • Recent Routing Incidents
  • Current BGP Filtering techniques
  • Resource PKI fundamentals
  • Signing your routing intent (ROAs)
  • Installation/configuration of RPKI Validators
  • BGP Filtering with ROA (Route Origin Validation)
  • Overview of BGPsec and ASPA

Workshop Items

  • Agenda (includes links to presentations and schedule)
  • Trainers: Jessica Wei, Minh Lay (Makito), Shane Hermoso, Liezel Manangan
  • ipv6rpki-20220517-online.txt
  • Last modified: 2022/05/16 05:06
  • by jessica