MyNOG 2017
APNIC RPKI Service Update
Brenda Buwu, Network Engineer
brenda@apnic.net
RPKI in Malaysia at a glance
                  ASN    IPv4 holders    IPv6 holders
Delegated         199    227             154
Active in RPKI    11     12              5
• Low levels of participation — <10% in all categories
• This is mostly a ‘one click’ activity in MyAPNIC, so easy to engage!
• Percentage coverage of active BGP by address range is high: 100% in IPv6, >75% in IPv4
• Please log in to your MyAPNIC account and enable RPKI
It’s your address and routing plan: protect it!
What does the current APNIC RPKI look like?
[Diagram: five trust anchors (APNIC from IANA TA, APNIC from RIPE TA, APNIC from ARIN TA, APNIC from AFRINIC TA, APNIC from LACNIC TA), each above its own "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
APNIC is altering its RPKI TA model
• PKI depends on a Trust Anchor (TA) model
– Validation of all signed objects is under a given TA
– The TA is external, supplied; foundation of the trust system
• The current APNIC RPKI depends on five TAs
– Pre-emptively architected to align with real-world and future unified global RPKI model
– BUT, unification has not emerged; instead, there is a complex, divergent set of TAs across the five RIRs
– All RIRs’ TAs are converging into a single, consistent TA model – each RIR can certify any resource
Why is this happening?
• Increase RIR consistency by aligning on TA approach
– We will now operate a mutually consistent model
• Reduce invalidity risks:
– Internet transfers (inter and intra) are frequent — resources are coming into or leaving any given RIR each month
– Necessitates changes in the TA to reflect these shrinkages and growth events
– Each transaction is a risk window for a process failure
– TA work is now far less frequent; no changes as resources move between RIRs, or are assigned by IANA
How can transfers affect validity?
• Transfer occurs, but operator errors/bugs leave TA unpublished
• Online CA over-claims: invalid
• All Member CAs become invalid, not just those receiving transferred resources
[Diagram: APNIC TA above the "APNIC from RIR CA" certificate and its Member CAs, marked with ✔ and ✘]
How can this problem be resolved?
• Draft IETF document (draft-ietf-sidr-rpki-validation-reconsidered) allowing an over-claiming certificate to be considered valid for those resources that are covered by its issuer
• But still some time before the document is finalized, and longer still until relying party software is upgraded and deployed
Failure in RPKI has wide consequences
• Operational failure high in the tree is catastrophic
– All resources under that arc of a tree (for a TA, all resources!) are invalid
• Each transaction is a risk window for a process failure
– Any failure in the APNIC TA risks invalidating all products across the Asia Pacific
– APNIC felt this risk was unacceptable
• APNIC has decided to re-architect to a model that removes this risk, and also removes operational complexity under transfers
• Reunify under one TA — make that TA ‘all resources’
How does the transition happen? (1)
[Diagram: APNIC TA and the four "APNIC from RIPE/ARIN/AFRINIC/LACNIC TA" trust anchors, above the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
- APNIC TA expanded to cover 0/0, ::/0, AS1-4294967295
How does the transition happen? (2)
[Diagram: APNIC TA with a new APNIC Intermed. CA, the four "APNIC from RIPE/ARIN/AFRINIC/LACNIC TA" trust anchors, the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
- APNIC TA issues new intermediate online certificate
- Intermediate certificate also covers 0/0, ::/0, AS1-4294967295
How does the transition happen? (3)
[Diagram: APNIC TA with the APNIC Intermed. CA, the four "APNIC from RIPE/ARIN/AFRINIC/LACNIC TA" trust anchors, the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
- One existing online certificate is re-signed by the intermediate
How does the transition happen? (4)
[Diagram: APNIC TA with the APNIC Intermed. CA, the four "APNIC from RIPE/ARIN/AFRINIC/LACNIC TA" trust anchors, the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
- Remaining online certificates are re-signed by the intermediate
How does the transition happen? (5)
[Diagram: APNIC TA with the APNIC Intermed. CA, the four "APNIC from RIPE/ARIN/AFRINIC/LACNIC TA" trust anchors, the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs]
- Unused TAs are withdrawn from publication
What is the state after the transition?
[Diagram: APNIC TA above the APNIC Intermed. CA, the "APNIC from IANA/AFRINIC/ARIN/RIPE/LACNIC CA" certificates and their Member CAs, with the LACNIC TA, RIPE TA, ARIN TA and AFRINIC TA shown alongside]
- All RIRs look the same
How does the transition help this?
• If the TA claims all resources, it’s impossible for the online CA to over-claim
• Mass invalidity due to over-claiming can’t occur
[Diagram: APNIC TA (0/0, ::/0, AS1-4294967295) above the "APNIC from RIR CA" certificate and its Member CAs, all marked ✔ ("always")]
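The over-claiming failure from the "How can transfers affect validity?" slide, the validation-reconsidered behaviour and the all-resources TA, worked through as an added example (not APNIC's code or that of any relying party software). The certificate names, the documentation prefixes and the stale-TA scenario are constructed, and only IP prefixes are modelled, not AS numbers.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def nets(*prefixes):
    """Parse prefixes and aggregate them per address family."""
    parsed = [ipaddress.ip_network(p) for p in prefixes]
    out = []
    for version in (4, 6):
        out += list(ipaddress.collapse_addresses(
            n for n in parsed if n.version == version))
    return out


def contains(holder, prefix):
    """True if prefix lies entirely inside the aggregated set 'holder'."""
    return any(h.version == prefix.version and prefix.subnet_of(h)
               for h in holder)


def intersect(a, b):
    """Prefixes common to two aggregated sets (CIDR blocks nest or are disjoint)."""
    out = []
    for x in a:
        for y in b:
            if x.version != y.version:
                continue
            if x.subnet_of(y):
                out.append(x)
            elif y.subnet_of(x):
                out.append(y)
    return out


@dataclass
class Cert:
    name: str
    resources: list
    issuer: Optional["Cert"] = None  # None marks the trust anchor


def strict_valid(cert):
    """Strict rule: valid only if the issuer is valid and holds every resource
    the certificate claims. One over-claimed prefix invalidates the subtree."""
    if cert.issuer is None:
        return True
    return strict_valid(cert.issuer) and all(
        contains(cert.issuer.resources, p) for p in cert.resources)


def verified_resources(cert):
    """Validation-reconsidered rule: the certificate is accepted for the
    resources that are also covered by its issuer's verified set."""
    if cert.issuer is None:
        return list(cert.resources)
    return intersect(cert.resources, verified_resources(cert.issuer))


# Constructed scenario: 192.0.2.0/24 was transferred in and the online CA was
# reissued with it, but the updated TA certificate was never published.
STALE_TA = ("203.0.113.0/24", "198.51.100.0/24")
ALL_RESOURCES_TA = ("0.0.0.0/0", "::/0")


def report(ta_prefixes):
    """Return {cert name: (strict verdict, verified prefixes)} for the tree."""
    ta = Cert("APNIC TA", nets(*ta_prefixes))
    online = Cert("APNIC online CA",
                  nets("203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24"), ta)
    member_a = Cert("Member CA A", nets("203.0.113.0/25"), online)  # untouched by transfer
    member_b = Cert("Member CA B", nets("192.0.2.0/24"), online)    # received the transfer
    return {c.name: (strict_valid(c), [str(n) for n in verified_resources(c)])
            for c in (online, member_a, member_b)}


if __name__ == "__main__":
    for label, ta in (("stale TA", STALE_TA), ("all-resources TA", ALL_RESOURCES_TA)):
        print(label)
        for name, (ok, verified) in report(ta).items():
            print(f"  {name}: strict={'valid' if ok else 'INVALID'} verified={verified}")
```

With the stale TA, Member CA A fails strict validation even though it holds none of the transferred space; under the reconsidered rule only the transferred prefix is lost.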
How can TA work affect validity?
• APNIC’s TAs are backed by a Hardware Security Module (HSM), as are those of the other RIRs
• A great deal of care must be exercised when using an HSM
– For example, devices may have policies such that a certain number of failed authentication attempts leads to irreversible key destruction
• The more TA work that is happening, the greater the risk
How does the transition help this?
• By having the TA be responsible for all resources, the need to do TA work is limited to scheduled and well-understood events:
– Manifest/CRL reissuance
– TA reissuance
What do I need to do?
• If you only issue ROAs:
– No change required
• If you run relying party software:
– Once APNIC has announced the successful transition, remove the unused TAs from configuration and cache
– However, leaving them in place will not affect validity outcomes
When will this happen?
• Previously planned for September
• Some problems that were found during the testbed transition meant that deployment has been delayed so that further testing can occur
• Update to the new single-TA model is expected to be completed by the end of October
• The four unused TAs will be withdrawn in 2018
https://www.apnic.net/single-ta-transition
Thanks!

Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 

Recently uploaded (17)

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 

APNIC RPKI Service Update: MyIX/MyNOG 2017

  • 1. MyNOG 2017 APNIC RPKI Service Update Brenda Buwu, Network Engineer brenda@apnic.net
  • 2. RPKI in Malaysia at a glance
                        ASN   IPv4 holders   IPv6 holders
      Delegated         199   227            154
      Active in RPKI    11    12             5
      • Low levels of participation — <10% in all categories
      • This is mostly a ‘one click’ activity in MyAPNIC, so easy to engage!
      • Percentage coverage of active BGP by address range high: 100% in IPv6, >75% in IPv4
      • Please log in to your MyAPNIC account and enable RPKI
      It’s your address and routing plan: protect it!
  • 3. What does the current APNIC RPKI look like?
      [Diagram: five trust anchors (APNIC from IANA TA, APNIC from RIPE TA, APNIC from ARIN TA, APNIC from AFRINIC TA, APNIC from LACNIC TA), online CAs labelled APNIC from IANA / AFRINIC / ARIN / RIPE / LACNIC CA, and Member CAs]
  • 4. APNIC is altering its RPKI TA model
      • PKI depends on a Trust Anchor (TA) model
        – Validation of all signed objects is under a given TA
        – The TA is external, supplied; foundation of the trust system
      • The current APNIC RPKI depends on five TAs
        – Pre-emptively architected to align with real-world and future unified global RPKI model
        – BUT, unification has not emerged; instead complex divergent set of TAs across the five RIRs
        – All RIRs’ TAs converging into a single, consistent TA model – each RIR can certify any resource
  • 5. Why is this happening?
      • Increase RIR consistency by aligning on TA approach
        – We will now operate a mutually consistent model
      • Reduce invalidity risks:
        – Internet transfers (inter and intra) are frequent — resources are coming into or leaving any given RIR each month
        – Necessitates changes in the TA to reflect these shrinkages and growth events
        – Each transaction is a risk window for a process failure
        – TA work is now far less frequent; no changes as resources move between RIRs, or are assigned by IANA
  • 6. How can transfers affect validity?
      • Transfer occurs, but operator errors/bugs leave the TA unpublished
      • Online CA over-claims: invalid
      • All Member CAs become invalid, not just those receiving transferred resources
      [Diagram: APNIC TA, APNIC from RIR CA and Member CAs, with ✔ and ✘ validity marks]
  • 7. How can this problem be resolved?
      • Draft IETF document (draft-ietf-sidr-rpki-validation-reconsidered) allowing an over-claiming certificate to be considered valid for those resources that are covered by its issuer
      • But still some time before the document is finalized, and longer still until relying party software is upgraded and deployed
  • 8. Failure in RPKI has wide consequences
      • Operational failure high in the tree is catastrophic
        – All resources under that arc of a tree (for a TA, all resources!) are invalid
      • Each transaction is a risk window for a process failure
        – Any failure in the APNIC TA risks invalidating all products across the Asia Pacific
        – APNIC felt this risk was unacceptable
      • APNIC has decided to re-architect to a model that removes this risk, and also removes operational complexity under transfers
      • Reunify under one TA — make that TA ‘all resources’
  • 9. How does the transition happen? (1)
      [Diagram: APNIC TA, APNIC from RIPE / ARIN / AFRINIC / LACNIC TAs, APNIC online CAs and Member CAs]
      - APNIC TA expanded to cover 0/0, ::/0, AS1-4294967295
  • 10. How does the transition happen? (2)
      [Diagram: APNIC TA, APNIC from RIPE / ARIN / AFRINIC / LACNIC TAs, APNIC Intermed. CA, APNIC online CAs and Member CAs]
      - APNIC TA issues new intermediate online certificate
      - Intermediate certificate also covers 0/0, ::/0, AS1-4294967295
  • 11. How does the transition happen? (3)
      [Diagram: APNIC TA, APNIC from RIPE / ARIN / AFRINIC / LACNIC TAs, APNIC Intermed. CA, APNIC online CAs and Member CAs]
      - One existing online certificate is re-signed by the intermediate
  • 12. How does the transition happen? (4)
      [Diagram: APNIC TA, APNIC from RIPE / ARIN / AFRINIC / LACNIC TAs, APNIC Intermed. CA, APNIC online CAs and Member CAs]
      - Remaining online certificates are re-signed by the intermediate
  • 13. How does the transition happen? (5)
      [Diagram: APNIC TA, APNIC from RIPE / ARIN / AFRINIC / LACNIC TAs, APNIC Intermed. CA, APNIC online CAs and Member CAs]
      - Unused TAs are withdrawn from publication
  • 14. What is the state after the transition?
      [Diagram: APNIC TA, APNIC Intermed. CA, APNIC online CAs and Member CAs, alongside LACNIC TA, RIPE TA, ARIN TA and AFRINIC TA]
      - All RIRs look the same
  • 15. How does the transition help this?
      • If the TA claims all resources, it’s impossible for the online CA to over-claim
      • Mass invalidity due to over-claiming can’t occur
      [Diagram: APNIC TA (0/0, ::/0, AS1-4294967295), APNIC from RIR CA and Member CAs, all marked ✔ (always)]
  • 16. How can TA work affect validity?
      • APNIC’s TAs are backed by a Hardware Security Module (HSM), as are those of the other RIRs
      • A great deal of care must be exercised when using an HSM
        – For example, devices may have policies such that a certain number of failed authentication attempts leads to irreversible key destruction
      • The more TA work that is happening, the greater the risk
  • 17. How does the transition help this?
      • By having the TA be responsible for all resources, the need to do TA work is limited to scheduled and well-understood events:
        – Manifest/CRL reissuance
        – TA reissuance
  • 18. What do I need to do?
      • If you only issue ROAs:
        – No change required
      • If you run relying party software:
        – Once APNIC has announced the successful transition, remove the unused TAs from configuration and cache
        – However, leaving them in place will not affect validity outcomes
  • 19. When will this happen?
      • Previously planned for September
      • Some problems that were found during the testbed transition meant that deployment has been delayed so that further testing can occur
      • Update to the new single-TA model is expected to be completed by the end of October
      • The four unused TAs will be withdrawn in 2018
      https://www.apnic.net/single-ta-transition
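
The over-claiming failure on slides 6, 7 and 15 can be reproduced with a small model. This is an added example, not APNIC's or any relying party's code: it compares address prefixes only (no signatures, no AS numbers), and the function names, tree and documentation prefixes are constructed for illustration.

```python
from ipaddress import ip_network

def nets(*prefixes):
    return frozenset(ip_network(p) for p in prefixes)

def inside(prefix, holdings):
    """True if prefix lies within one of the issuer's accepted prefixes."""
    return any(prefix.version == h.version and prefix.subnet_of(h) for h in holdings)

def validate(certs, reconsidered=False):
    """certs maps name -> (issuer or None, claimed resources), issuers listed first.
    Returns name -> resources the certificate is accepted for (empty set = invalid)."""
    accepted = {}
    for name, (issuer, claimed) in certs.items():
        if issuer is None:                      # trust anchor: taken as configured
            accepted[name] = claimed
            continue
        covered = frozenset(p for p in claimed if inside(p, accepted[issuer]))
        if reconsidered:                        # over-claim trimmed to what the issuer covers
            accepted[name] = covered
        else:                                   # strict: any over-claim voids the certificate
            accepted[name] = claimed if covered == claimed else frozenset()
    return accepted

# Constructed sample tree using documentation prefixes (not real APNIC data).
def tree(ta_prefixes):
    return {
        "APNIC TA": (None, nets(*ta_prefixes)),
        "APNIC online CA": ("APNIC TA",
                            nets("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")),
        "Member CA A": ("APNIC online CA", nets("192.0.2.0/25")),
        "Member CA B": ("APNIC online CA", nets("198.51.100.0/24", "203.0.113.0/24")),
    }

# 203.0.113.0/24 was transferred in, but the TA was not republished with it.
STALE_TA = ("192.0.2.0/24", "198.51.100.0/24")
# Single-TA model from the slides: the TA claims all address space.
ALL_RESOURCES_TA = ("0.0.0.0/0", "::/0")

if __name__ == "__main__":
    cases = [("stale TA, strict", STALE_TA, False),
             ("stale TA, reconsidered", STALE_TA, True),
             ("all-resources TA, strict", ALL_RESOURCES_TA, False)]
    for label, ta, mode in cases:
        print(label)
        for name, res in validate(tree(ta), reconsidered=mode).items():
            print(f"  {name}: {sorted(map(str, res)) or 'INVALID'}")
```

With the stale TA and strict validation, Member CA A is invalid even though it received none of the transferred space; with the all-resources TA the same tree validates in full.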
