Securing Internet Routing Tutorial

Date: 20 Jan 2021
Location: Tutorial
Venue: Online

Synopsis

• Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily.
• This tutorial will look at current tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Target Audience

• Anyone interested in understanding issues with securing the internet routing system and the use of filtering tools/techniques including filtering using ROAs.

Pre-requisites

• This workshop is not an introduction - It is assumed that the workshop participants have a working knowledge of IP routing, along with know how to use a router command line interface.
• The lab exercises use Cisco IOS configuration syntax.

Other Requirements

• Hardware: It is highly recommended that participants bring their own laptop computers for lab work.
• Software: SSH Client, Telnet Client
• Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure

Workshop topics

• Recent Routing Incidents
• Current filtering tools/techniques
• The RPKI framework
• Signing your route origin (creating ROAs)
• Install/Configure RPKI validators
• Route Filtering with ROAs (Route Origin Validation)
• Path Validation - why and how?

Workshop Items

• Agenda (includes links to presentations and schedule)
• Instructors: Dave Phelan(APNIC), Dibya Khatiwada (APNIC Community Trainer)