Securing Internet Routing with RPKI

Dates: 22-25 February 2021
Location: Online
Event Website: https://2021.apricot.net/program/schedule/#/day/1

Target Audience

• Technical staff who are now building or operating a service provider network with international and/or multi-provider connectivity.
• Anyone interested to understand the RPKI framework and how it helps secure Internet Routing.

Synopsis

• Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
• This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Pre-requisites

For those who manage IP resources for your organisations (technical or corporate contacts), please do come with MFA (OTP) enabled for your MyAPNIC account, as well as ensure you have permission from your Corporate Contacts to certifiy your resources - let us create ROAs for your prefixes!

This workshop is not an introduction. It is assumed that the workshop participants have a working knowledge of:

• IP Routing (esp BGP fundamentals)
• How to use a router command line interface (Cisco IOS configuration syntax).
• Network operations, Internet technologies, OSI reference model and TCP/IP.
• Basic Linux command line (CLI) skills.

We recommend the following Academy courses be completed before the start of the tutorial:

• Routing Basics: https://academy.apnic.net/en/course/routing-fundamentals-course/
• Deploying BGP (cisco) virtual lab: https://academy.apnic.net/en/virtual-labs?labId=69078

Other requirements

• Participants are advised to bring their own laptop computers and have a good internet connection since the labs will be remote.
• Software: SSH Client
• Confirm Secure Shell (SSH) is allowed from the office or home network to access the lab infrastructure?

Workshop topics

• Recent Routing Incidents
• Current BGP Filtering techniques
• Resource PKI fundamentals
• Installation and configuration of RPKI Validators
• BGP Filtering with ROA (Route Origin Validation)
• Overview of BGPsec and ASPA

Workshop Items

• Agenda (includes links to presentations and schedule)
• Instructors: Tashi Phuntsho (APNIC), Bayani (Bani) Benjamin Lara (APNIC Community Trainer)