Dates: 18 Oct 2022
Location: Bacolod City

Target Audience

  • Anyone interested to understand the RPKI framework and how it helps secure Internet Routing.


Part 1

  • Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
  • This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Part 2

  • Domain Name System is the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS Security / DNSSEC concepts, configurations, and operations.
  • This tutorial will discuss the concept of DNS Security in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.


It is assumed that the workshop participants have some understanding or working knowledge of:

  • IP Routing (esp BGP)

We recommend the following Academy courses be completed before the start of the tutorial:

Other requirements

  • None

Workshop topics

Part 1:

  • Recent Routing Incidents
  • Current BGP Filtering techniques
  • Resource PKI fundamentals

Part 2:

  • Intro to DNS Security
  • DNSSEC Overview
  • DNSSEC Validation & Signing

Workshop Items

  • Agenda (includes links to presentations and schedule)
  • Trainers: Bani Lara (APNIC Community Trainer), Sheryl (Shane) Hermoso (APNIC)
  • routingsec-dns-20221018-ph.txt
  • Last modified: 2022/10/08 23:25
  • by sheryl