Date: 22 August 2019
Location: Nha Trang City, Vietnam
Conference Website:VNIX-NOG

Synopsis

  • Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism to ensure no one can inject false information into the global routing system that easily.
  • This tutorial will look at current tools/techniques, how rPKI is just a piece in the puzzle, and what we should to secure the internet routing instead of waiting for an ideal solution that fixes all issues.

Target Audience

  • Anyone interested in understanding issues with securing the internet routing system and the use of filtering tools/techniques including filtering using ROAs.

Pre-requisites

  • It is assumed that the workshop participants have a working knowledge of BGP fundamentals.
  • This workshop is not an introduction. The lab exercises use Cisco IOS configuration syntax.

Other Requirements

  • Hardware: It is highly recommended that participants bring their own laptop computers.
  • Software: SSH Client, Telnet Client (PuTTy)

Workshop topics

  • Recent Routing Incidents
  • Current legitimacy of address check tools
  • RPKI framework: resource certificates, origin authority, chain of trust
  • Creating ROAs
  • Deploying RPKI validators
  • RTR configuration on routers
  • Filtering with ROAs (Route Origin Validation)
  • Path Validation - why and how?

Workshop Items

  • rpki-vn.txt
  • Last modified: 2019/08/18 19:10
  • by tashi