Securing Internet Routing Tutorial
Date: 1st April 2020
Location: Webinar
Venue: Online
Synopsis
- Why are BGP mishaps are very common and frighteningly very easy - malicious route hijacking, mis-origination (fat fingers), and route leaks (bad filters). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
- This workshop will look at at current tools/techniques, how RPKI is just a piece in the puzzle, and what we should all do to secure Internet routing
Target Audience
- Anyone interested in understanding issues with BGP (Internet routing) security and practising good hygiene, including filtering based on ROAs.
Pre-requisites
- This workshop is not an introduction - It is assumed that the workshop participants have a working knowledge IP routing, along with know how to use a router command line interface.
- The lab exercises use Cisco IOS configuration syntax.
Other Requirements
- Hardware: It is highly recommended that participants bring their own laptop computers with Wifi(b/g/n) and administrative access to system to practice the lessons learned during the workshops.
- Software: SSH Client, Telnet Client (PuTTy)
Workshop topics
- Recent Routing Incidents
- Current tools/techniques
- RPKI framework: resource certificates, origin authority, chain of trust
- Creating ROAs
- Deploying RPKI validators
- RTR configuration on routers
- Filtering with ROAs (Route Origin Validation)
- Path Validation - why and how?
Workshop Items
- Agenda (includes links to presentations and schedule)
- Instructors: Tashi Phuntsho (APNIC), Warren Finch (APNIC), Muhammad Yasir Shamim (APNIC)