SlideShare une entreprise Scribd logo

RPKI

RIPE NCC
RIPE NCC

Presentation given by Nathalie Trenaman online at Zilverline on 26 February 2021

Technologie
1  sur  34
Télécharger pour lire hors ligne
Name | Date | Event Presentation Subtitle Presentation Title
Section Title Section subtitle
3
4 RIRs are responsible for: • Keeping the registry up to date, correct, and secur e • Using hierarchical allocation s • Maintaining neutrality towards all members
Section Title Section subtitle
6 Internet building blocks ASN (Autonomous System Number)
7 ASN (Autonomous System Number) Internet building blocks ASN Addresses Interconnect Autonomous System
RPKI Webinar 8 Routing on the Internet “BGP protocol” Can I trust B? Routing table 
 194.x.x.x = B Routing table 
 193.x.x.x = A Is A correct? A 
 193.x.x.x B 
 194.x.x.x B: “I have 194.x.x.x” A: “I have 193.x.x.x”
9 Route Propagation AS15 AS756 R1 AS33 AS164 66.2.9.0/24 M ED=700 MED=500 LP=100 LP=50 AS25 AS5 R2 LP=40 tra ffi c route
RPKI Webinar 10 Accidents Happen • Fat Fingers - 2 and 3 are really close on our keyboards…. • Policy Violations (leaks) - Oops, we did not want this to go on the public Internet - Infamous incident with Pakistan Telecom and YouTube
RPKI Webinar 11 Incidents Are Common • 2019 Routing Security Review - 12,600 incidents - 4,4% of all ASNs affected - 3,000 ASNs are victims of at least one incident - 1,300 ASNs caused at least one incident Source: https://bgpstream.com
RPKI Webinar 12 Routing on the Internet Can I trust B? Routing table 
 194.x.x.x = B Routing table 
 193.x.x.x = A Is A correct? A 
 193.x.x.x B 
 194.x.x.x B: “I have 194.x.x.x” A: “I have 193.x.x.x” “Internet Routing Registry”
BGP Operations and Security 13 Problem Statement • Some IRR data can not be fully trusted - Accuracy - Incomplete data - Lack of maintenance • Not every RIR has an IRR - Third party databases need to be used - No verification of who holds IPs/ASNs
• Problem Statement 14
Section Title Section subtitle
BGP Operations and Security 16 Resource Public Key Infrastructure • Ties IP addresses and ASNs to public keys • Follows the hierarchy of the registries • Authorised statements from resource holders - “ASN X is authorised to announce my Prefix Y” - Signed, holder of Y
BGP Operations and Security 17 RPKI Certificate Structure Member Member Member ROA ROA ROA Certificate hierarchy follows allocation hierarchy ARIN APNIC RIPE LACNIC AFRINIC
BGP Operations and Security 18 RPKI Chain of Trust ALL Resources LIR’s Resources Root’s private key signature signature public key public key
BGP Operations and Security 19 Two elements of RPKI Signing Create your ROAs Validating Verifying others
BGP Operations and Security 20 RPKI Chain of Trust LIR’s Resources signature public key ALL Resources signature public key ROA signature
BGP Operations and Security 21 Hosted RPKI • RIR hosts a CA and signs all ROAs • Automate signing and key rollovers • Allows you focus on creating and publishing ROAs
BGP Operations and Security 22 Route Origin Authorisation Prefix is authorised to be announced by AS Number LIR’s private key ROA signature
Presenter name | Event | Date 23 • Source: https://stat.ripe.net/NL#tabId=routing
Presenter name | Event | Date 24 • Source: https://stat.ripe.net/NL#tabId=routing
BGP Operations and Security 25 Hosted or Delegated RPKI RIPE ROA ROA ROA ROA ROA Member Member Member ROA Member-X CA Member-Y CA RIPE NCC Hosted System
Section Title Section subtitle
BGP Operations and Security 27 Two elements of RPKI Signing Create your ROAs Validating Verifying others
BGP Operations and Security 28 Trust Anchor Locator (TAL) RIPE NCC ARIN APNIC AFRINIC LACNIC Validator Repository Repository Repository Repository Repository • Location of RIR repositories • Root’s public key TAL TAL TAL TAL List of ROAs Cerfificates
BGP Operations and Security 29 Relying Party RIPE NCC ARIN APNIC AFRINIC LACNIC Validator Repository Repository Repository Repository Repository List of ROAs Cerfificates
BGP Operations and Security 30 Relying Party ROA AS111 10.0.8.0/22 AS222 10.0.6.0/24 AS333 10.4.16.0/20 AS111 10.0.12.0/22 AS111 10.0.16.0/22 AS111 10.0.20.0/22 BGP Announcements BETTER ROUTING DECISIONS
RPKI Webinar 31 Routing on the Internet Is A correct? A 
 192.0.2.0/24 B 
 193.0.24.0/21 A: “I have 192.0.2.0/24” 1. Create route authorisation record (ROA) 2. Validate route RPKI Repository A is authorised to announce 192.0.2.0/24 BGP
Status of Transit and Cloud 32 Name Type Details Status Telia Transit Signed & Filtering Safe Cogent Transit Signed & Filtering Safe GTT Transit Signed & Filtering Safe NTT Transit Signed & Filtering Safe Hurricane Electric Transit Signed & Filtering Safe Tata Transit Signed & Filtering Safe PCCW Transit Signed & Filtering Safe RETN Transit Partially Signed & Filtering Safe Cloud fl are Cloud Signed & Filtering Safe Amazon Cloud Signed & Filtering Safe Net fl ix Cloud Signed & Filtering Safe Wikimedia Foundation Cloud Signed & Filtering Safe Scaleway Cloud Signed & Filtering Safe • Source: isbgpsafeyet.com
Presenter name | Event | Date 33 What We’re Working On • Repository Resiliency: Cloud • Security: Audit Framework, different security assessments • Improving Q&A • Reporting on our findings • Doing RPKI ourselves!
Questions

Recommandé

BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
 
RPKI (Resource Public Key Infrastructure)
RPKI (Resource Public Key Infrastructure)RPKI (Resource Public Key Infrastructure)
RPKI (Resource Public Key Infrastructure)Fakrul Alam
 
Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI) Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI) Bangladesh Network Operators Group
 
Introduction to RPKI
Introduction to RPKIIntroduction to RPKI
Introduction to RPKIAPNIC
 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27APNIC
 
A week with analysing RPKI status
A week with analysing RPKI statusA week with analysing RPKI status
A week with analysing RPKI statusAPNIC
 
PacNOG 23: Secure routing with RPKI
PacNOG 23: Secure routing with RPKIPacNOG 23: Secure routing with RPKI
PacNOG 23: Secure routing with RPKIAPNIC
 
RPKI Tutorial
RPKI Tutorial RPKI Tutorial
RPKI Tutorial Bangladesh Network Operators Group
 

Recommandé

BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
 
RPKI (Resource Public Key Infrastructure)
RPKI (Resource Public Key Infrastructure)RPKI (Resource Public Key Infrastructure)
RPKI (Resource Public Key Infrastructure)Fakrul Alam
 
Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI) Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI) Bangladesh Network Operators Group
 
Introduction to RPKI
Introduction to RPKIIntroduction to RPKI
Introduction to RPKIAPNIC
 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27APNIC
 
A week with analysing RPKI status
A week with analysing RPKI statusA week with analysing RPKI status
A week with analysing RPKI statusAPNIC
 
PacNOG 23: Secure routing with RPKI
PacNOG 23: Secure routing with RPKIPacNOG 23: Secure routing with RPKI
PacNOG 23: Secure routing with RPKIAPNIC
 
RPKI Tutorial
RPKI Tutorial RPKI Tutorial
RPKI Tutorial Bangladesh Network Operators Group
 
Securing global routing system and operators approach
Securing global routing system and operators approachSecuring global routing system and operators approach
Securing global routing system and operators approachAPNIC
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practiceJimmy Lim
 
Resource Certification
Resource CertificationResource Certification
Resource CertificationRIPE NCC
 
23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...APNIC
 
Certification
CertificationCertification
CertificationRIPE NCC
 
IDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKIIDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKIAPNIC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingAPNIC
 
SANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generationSANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generationAPNIC
 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX UpdatesMyNOG
 
IPv6 deployment status in Bangladesh
IPv6 deployment status in BangladeshIPv6 deployment status in Bangladesh
IPv6 deployment status in BangladeshFakrul Alam
 
IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4APNIC
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshFakrul Alam
 
Commercial References 2016
Commercial References 2016Commercial References 2016
Commercial References 2016Shaina Brooke Dahlitz
 
npNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deploymentnpNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deploymentAPNIC
 
BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?GeoffHuston
 
The Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesThe Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesMyNOG
 
APNIC Services by Anna Mulingbayan
APNIC Services by Anna MulingbayanAPNIC Services by Anna Mulingbayan
APNIC Services by Anna MulingbayanMyNOG
 
AFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh PhokeerAFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh PhokeerAFRINIC
 
Engineering The New IP Transport
Engineering The New IP TransportEngineering The New IP Transport
Engineering The New IP TransportMyNOG
 
ESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdfESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdfRIPE NCC
 
Routing Security
Routing SecurityRouting Security
Routing SecurityRIPE NCC
 

Contenu connexe

Tendances

Securing global routing system and operators approach
Securing global routing system and operators approachSecuring global routing system and operators approach
Securing global routing system and operators approachAPNIC
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practiceJimmy Lim
 
Resource Certification
Resource CertificationResource Certification
Resource CertificationRIPE NCC
 
23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...APNIC
 
Certification
CertificationCertification
CertificationRIPE NCC
 
IDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKIIDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKIAPNIC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingAPNIC
 
SANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generationSANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generationAPNIC
 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX UpdatesMyNOG
 
IPv6 deployment status in Bangladesh
IPv6 deployment status in BangladeshIPv6 deployment status in Bangladesh
IPv6 deployment status in BangladeshFakrul Alam
 
IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4APNIC
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshFakrul Alam
 
npNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deploymentnpNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deploymentAPNIC
 
BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?GeoffHuston
 
The Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesThe Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesMyNOG
 
APNIC Services by Anna Mulingbayan
APNIC Services by Anna MulingbayanAPNIC Services by Anna Mulingbayan
APNIC Services by Anna MulingbayanMyNOG
 
AFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh PhokeerAFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh PhokeerAFRINIC
 
Engineering The New IP Transport
Engineering The New IP TransportEngineering The New IP Transport
Engineering The New IP TransportMyNOG
 

Tendances (20)

Securing global routing system and operators approach
Securing global routing system and operators approachSecuring global routing system and operators approach
Securing global routing system and operators approach
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practice
 
Resource Certification
Resource CertificationResource Certification
Resource Certification
 
23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...23rd PITA AGM and Conference: Internet number registry services - the next ge...
23rd PITA AGM and Conference: Internet number registry services - the next ge...
 
Certification
CertificationCertification
Certification
 
IDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKIIDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKI
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification Tutorial
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet Routing
 
SANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generationSANOG 34: Internet number registry services - the next generation
SANOG 34: Internet number registry services - the next generation
 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX Updates
 
IPv6 deployment status in Bangladesh
IPv6 deployment status in BangladeshIPv6 deployment status in Bangladesh
IPv6 deployment status in Bangladesh
 
IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Commercial References 2016
Commercial References 2016Commercial References 2016
Commercial References 2016
 
npNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deploymentnpNOG 2: APNIC IPv6 deployment
npNOG 2: APNIC IPv6 deployment
 
BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?BGP: Whats so special about the number 512?
BGP: Whats so special about the number 512?
 
The Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesThe Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry Services
 
APNIC Services by Anna Mulingbayan
APNIC Services by Anna MulingbayanAPNIC Services by Anna Mulingbayan
APNIC Services by Anna Mulingbayan
 
AFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh PhokeerAFRINIC Presentation - Resource certification by Amreesh Phokeer
AFRINIC Presentation - Resource certification by Amreesh Phokeer
 
Engineering The New IP Transport
Engineering The New IP TransportEngineering The New IP Transport
Engineering The New IP Transport
 

Similaire à RPKI

ESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdfESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdfRIPE NCC
 
Routing Security
Routing SecurityRouting Security
Routing SecurityRIPE NCC
 
Introduction to RPKI by Sheryl (Shane) Hermoso
Introduction to RPKI by Sheryl (Shane) HermosoIntroduction to RPKI by Sheryl (Shane) Hermoso
Introduction to RPKI by Sheryl (Shane) HermosoMyNOG
 
Introduction to RPKI - MyNOG
Introduction to RPKI - MyNOGIntroduction to RPKI - MyNOG
Introduction to RPKI - MyNOGSiena Perry
 
SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs APNIC
 
Rpki -manrs_(7_september)
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)NaveenLakshman
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itAPNIC
 
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsAPNIC
 
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalidsVNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalidsAPNIC
 
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI MattersAPNIC
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APNIC
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKIAPNIC
 
btNOG 6: Securing Internet Routing
btNOG 6: Securing Internet RoutingbtNOG 6: Securing Internet Routing
btNOG 6: Securing Internet RoutingAPNIC
 
RPKI Overview, Case Studies, Deployment and Operations
RPKI Overview, Case Studies, Deployment and OperationsRPKI Overview, Case Studies, Deployment and Operations
RPKI Overview, Case Studies, Deployment and OperationsAPNIC
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationAPNIC
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessAPNIC
 
Peering Asia 2.0: RPKI for Peering
Peering Asia 2.0: RPKI for PeeringPeering Asia 2.0: RPKI for Peering
Peering Asia 2.0: RPKI for PeeringAPNIC
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoAPNIC
 

Similaire à RPKI (20)

ESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdfESNOG 29-Alvaro_Vives-Routing_Security.pdf
ESNOG 29-Alvaro_Vives-Routing_Security.pdf
 
Routing Security
Routing SecurityRouting Security
Routing Security
 
Introduction to RPKI by Sheryl (Shane) Hermoso
Introduction to RPKI by Sheryl (Shane) HermosoIntroduction to RPKI by Sheryl (Shane) Hermoso
Introduction to RPKI by Sheryl (Shane) Hermoso
 
Introduction to RPKI - MyNOG
Introduction to RPKI - MyNOGIntroduction to RPKI - MyNOG
Introduction to RPKI - MyNOG
 
SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs
 
Rpki -manrs_(7_september)
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying it
 
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure Connections
 
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalidsVNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
 
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKI
 
btNOG 6: Securing Internet Routing
btNOG 6: Securing Internet RoutingbtNOG 6: Securing Internet Routing
btNOG 6: Securing Internet Routing
 
RPKI Overview, Case Studies, Deployment and Operations
RPKI Overview, Case Studies, Deployment and OperationsRPKI Overview, Case Studies, Deployment and Operations
RPKI Overview, Case Studies, Deployment and Operations
 
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next GenerationThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
 
Peering Asia 2.0: RPKI for Peering
Peering Asia 2.0: RPKI for PeeringPeering Asia 2.0: RPKI for Peering
Peering Asia 2.0: RPKI for Peering
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI Demo
 

Plus de RIPE NCC

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 

Plus de RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Dernier

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

RPKI

  • 1. Name | Date | Event Presentation Subtitle Presentation Title
  • 3. 3
  • 4. 4 RIRs are responsible for: • Keeping the registry up to date, correct, and secur e • Using hierarchical allocation s • Maintaining neutrality towards all members
  • 6. 6 Internet building blocks ASN (Autonomous System Number)
  • 7. 7 ASN (Autonomous System Number) Internet building blocks ASN Addresses Interconnect Autonomous System
  • 8. RPKI Webinar 8 Routing on the Internet “BGP protocol” Can I trust B? Routing table 
 194.x.x.x = B Routing table 
 193.x.x.x = A Is A correct? A 
 193.x.x.x B 
 194.x.x.x B: “I have 194.x.x.x” A: “I have 193.x.x.x”
  • 10. RPKI Webinar 10 Accidents Happen • Fat Fingers - 2 and 3 are really close on our keyboards…. • Policy Violations (leaks) - Oops, we did not want this to go on the public Internet - Infamous incident with Pakistan Telecom and YouTube
  • 11. RPKI Webinar 11 Incidents Are Common • 2019 Routing Security Review - 12,600 incidents - 4,4% of all ASNs affected - 3,000 ASNs are victims of at least one incident - 1,300 ASNs caused at least one incident Source: https://bgpstream.com
  • 12. RPKI Webinar 12 Routing on the Internet Can I trust B? Routing table 
 194.x.x.x = B Routing table 
 193.x.x.x = A Is A correct? A 
 193.x.x.x B 
 194.x.x.x B: “I have 194.x.x.x” A: “I have 193.x.x.x” “Internet Routing Registry”
  • 13. BGP Operations and Security 13 Problem Statement • Some IRR data can not be fully trusted - Accuracy - Incomplete data - Lack of maintenance • Not every RIR has an IRR - Third party databases need to be used - No verification of who holds IPs/ASNs
  • 16. BGP Operations and Security 16 Resource Public Key Infrastructure • Ties IP addresses and ASNs to public keys • Follows the hierarchy of the registries • Authorised statements from resource holders - “ASN X is authorised to announce my Prefix Y” - Signed, holder of Y
  • 17. BGP Operations and Security 17 RPKI Certificate Structure Member Member Member ROA ROA ROA Certificate hierarchy follows allocation hierarchy ARIN APNIC RIPE LACNIC AFRINIC
  • 18. BGP Operations and Security 18 RPKI Chain of Trust ALL Resources LIR’s Resources Root’s private key signature signature public key public key
  • 19. BGP Operations and Security 19 Two elements of RPKI Signing Create your ROAs Validating Verifying others
  • 20. BGP Operations and Security 20 RPKI Chain of Trust LIR’s Resources signature public key ALL Resources signature public key ROA signature
  • 21. BGP Operations and Security 21 Hosted RPKI • RIR hosts a CA and signs all ROAs • Automate signing and key rollovers • Allows you focus on creating and publishing ROAs
  • 22. BGP Operations and Security 22 Route Origin Authorisation Prefix is authorised to be announced by AS Number LIR’s private key ROA signature
  • 23. Presenter name | Event | Date 23 • Source: https://stat.ripe.net/NL#tabId=routing
  • 24. Presenter name | Event | Date 24 • Source: https://stat.ripe.net/NL#tabId=routing
  • 25. BGP Operations and Security 25 Hosted or Delegated RPKI RIPE ROA ROA ROA ROA ROA Member Member Member ROA Member-X CA Member-Y CA RIPE NCC Hosted System
  • 27. BGP Operations and Security 27 Two elements of RPKI Signing Create your ROAs Validating Verifying others
  • 28. BGP Operations and Security 28 Trust Anchor Locator (TAL) RIPE NCC ARIN APNIC AFRINIC LACNIC Validator Repository Repository Repository Repository Repository • Location of RIR repositories • Root’s public key TAL TAL TAL TAL List of ROAs Cerfificates
  • 29. BGP Operations and Security 29 Relying Party RIPE NCC ARIN APNIC AFRINIC LACNIC Validator Repository Repository Repository Repository Repository List of ROAs Cerfificates
  • 30. BGP Operations and Security 30 Relying Party ROA AS111 10.0.8.0/22 AS222 10.0.6.0/24 AS333 10.4.16.0/20 AS111 10.0.12.0/22 AS111 10.0.16.0/22 AS111 10.0.20.0/22 BGP Announcements BETTER ROUTING DECISIONS
  • 31. RPKI Webinar 31 Routing on the Internet Is A correct? A 
 192.0.2.0/24 B 
 193.0.24.0/21 A: “I have 192.0.2.0/24” 1. Create route authorisation record (ROA) 2. Validate route RPKI Repository A is authorised to announce 192.0.2.0/24 BGP
  • 32. Status of Transit and Cloud 32 Name Type Details Status Telia Transit Signed & Filtering Safe Cogent Transit Signed & Filtering Safe GTT Transit Signed & Filtering Safe NTT Transit Signed & Filtering Safe Hurricane Electric Transit Signed & Filtering Safe Tata Transit Signed & Filtering Safe PCCW Transit Signed & Filtering Safe RETN Transit Partially Signed & Filtering Safe Cloud fl are Cloud Signed & Filtering Safe Amazon Cloud Signed & Filtering Safe Net fl ix Cloud Signed & Filtering Safe Wikimedia Foundation Cloud Signed & Filtering Safe Scaleway Cloud Signed & Filtering Safe • Source: isbgpsafeyet.com
  • 33. Presenter name | Event | Date 33 What We’re Working On • Repository Resiliency: Cloud • Security: Audit Framework, different security assessments • Improving Q&A • Reporting on our findings • Doing RPKI ourselves!