Internet Routing Registry & RPKI Tutorial Nurul Islam Roman, APNIC.


1 Internet Routing Registry & RPKI Tutorial Nurul Islam Roman, APNIC

2 Objectives
To provide an introduction to the APNIC Routing Registry
– Explain concepts of the global RR
– Outline the benefits of the APNIC Routing Registry
– Discuss Routing Policy Specification Language (RPSL)
New initiative: RPKI

3 Overview
What is IRR?
Whois DB recap
APNIC database and the IRR
Using the Routing Registry
Using RPSL in practice
Benefits of using IRR

4 What is IRR?

5 Prefix Advertisement to the Internet
Ingress prefix from downstream:
– Option 1: Customer single-homed with a non-portable prefix. Customer is not an APNIC member; prefix received from the upstream ISP.
– Option 2: Customer single-homed with a portable prefix. Customer is an APNIC member; receives an allocation as a service provider but has no AS number yet.
– Option 3: Customer multihomed with a non-portable prefix. Customer is not an APNIC member; both prefix and ASN received from the upstream ISP.
– Option 4: Customer multihomed with a portable prefix. Customer is an APNIC member; both prefix and ASN received from APNIC.

6 Prefix Filtering BCP [Single home]
Option 1: Customer single-homed with a non-portable prefix
Upstream AS17821, ISP prefix 3fff:ffff::/32; customer prefix 3fff:ffff:dcdc::/48.
– Upstream: static route for 3fff:ffff:dcdc::/48 to the customer WAN interface; no LoA check of the customer prefix.
– Downstream: no BGP; static default route to the ISP WAN interface.

7 Prefix Filtering BCP [Single home]
Option 2: Customer single-homed with a portable prefix
Upstream AS17821, ISP prefix 3fff:ffff::/32; customer prefix 2001:0DB8::/32.
– Upstream: check LoA of the customer prefix; static route for 2001:0DB8::/32 to the customer WAN interface; BGP "network 2001:0DB8::/32" originated by AS17821 (shown as "AS17821 i" in the BGP table); static route 2001:0DB8::/32 to null0.
– Downstream: no BGP; static default route to the ISP WAN interface.

8 Prefix Filtering [Multihome]
Option 3: Customer multihomed with a non-portable prefix
Customer AS64500 with prefix 3fff:ffff:dcdc::/48; eBGP peering with both ISPs over the WAN interfaces; BGP "network 3fff:ffff:dcdc::/48" (AS64500 i) or an aggregate address from the gateway router.
– Upstream 1 (AS17821, ISP prefix 3fff:ffff::/32; this upstream cannot be changed): eBGP peering with the customer WAN interface; no LoA check of the customer prefix.
– Upstream 2 (AS131107; this upstream can be changed): check LoA of the customer prefix. Manual process: e-mail to tech-c. Automated process: route object or RPKI. Nearly the same filter requirement as the other ISP.

9 Prefix Filtering [Multihome]
Option 4: Customer multihomed with a portable prefix
Customer AS64500 with prefix 2001:0DB8::/32; eBGP peering with both ISPs over the WAN interfaces; BGP "network 2001:0DB8::/32" (AS64500 i) or an aggregate address from the gateway router. Either upstream can be changed.
– Upstream 1 (AS17821, ISP prefix 3fff:ffff::/32): check LoA of the customer prefix. Manual process: e-mail to tech-c. Automated process: route object or RPKI.
– Upstream 2 (AS131107): check LoA of the customer prefix in the same way. Nearly the same filter requirement as the other ISP.

10 What is a Routing Registry?
A repository (database) of Internet routing policy information
– Autonomous Systems exchange routing information via BGP
– Exterior routing decisions are based on policy-based rules
– However, BGP does not provide a mechanism to publish/communicate the policies themselves
– The RR provides this functionality
Routing policy information is expressed in a series of objects
– Stability and consistency of routing
– Network operators share information

11 What is a Routing Registry?
IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN + …
Participating registries shown: RIPE, RADB, CW, APNIC, Connect, ARIN, ArcStar, FGC, Verio, Bconnex, Optus, Telstra, ...

12 What is Routing Policy?
Description of the routing relationship between autonomous systems
– Who are my BGP peers? Customers, peers, upstreams
– What routes are: originated by each neighbour? Imported from each neighbour? Exported to each neighbour? Preferred when multiple routes exist?
– What to do if no route exists?
– What routes to aggregate?

13 Representation of Routing Policy
Two ASes, AS1 (holding NET1) and AS2 (holding NET2). In order for traffic to flow from NET2 to NET1 between AS1 and AS2:
– AS1 has to announce NET1 to AS2 via BGP
– And AS2 has to accept this information and use it
– Resulting in packet flow from NET2 to NET1

14 Representation of Routing Policy
In order for traffic to flow from NET1 to NET2:
– AS2 must announce NET2 to AS1
– And AS1 has to accept this information and use it
– Resulting in packet flow from NET1 to NET2

15 RPSL
Routing Policy Specification Language
– Object-oriented language, based on RIPE-181
– Structured whois objects
Higher level of abstraction than access lists
Describes things interesting to routing policy:
– Routes, AS numbers …
– Relationships between BGP peers
– Management responsibility
RFC 2622, RFC 2725, RFC 2650

16 Routing Policy - Examples
Basic concept: AS1 and AS2 peer with each other.

aut-num: AS1
…
import: from AS2 action pref=100; accept AS2
export: to AS2 announce AS1

aut-num: AS2
…
import: from AS1 action pref=100; accept AS1
export: to AS1 announce AS2

"action pref": the lower the value, the more preferred the route

17 Routing Policy - Examples
More complex example: AS4 connects to AS123, AS5 and AS10.
– AS4 gives transit to AS5 and AS10
– AS4 gives local routes to AS123

18 Routing Policy - Examples
aut-num: AS4
import: from AS123 action pref=100; accept AS123
import: from AS5 action pref=100; accept AS5
import: from AS10 action pref=100; accept AS10
export: to AS123 announce AS4
export: to AS5 announce AS4 AS10
export: to AS10 announce AS4 AS5

Diagram note: "Not a path" (AS123 receives only AS4's own routes, per the export to AS123).

19 Routing Policy - Examples
More complex example: AS4 connects to AS123 and AS6.
– AS4 and AS6: private link1
– AS4 and AS123: main transit link2
– link3: backup; all traffic over link1 and link3 in the event of link2 failure
– Transit traffic over link2

20 Routing Policy - Examples
AS representation (transit traffic over link2, private link1 to AS6, link3 as backup):

aut-num: AS4
import: from AS123 action pref=100; accept ANY
import: from AS6 action pref=50; accept AS6
import: from AS6 action pref=200; accept ANY
export: to AS6 announce AS4
export: to AS123 announce AS4

– "from AS123 ... accept ANY": full routing received
– "from AS6 action pref=200; accept ANY": higher cost for the backup route

21 Whois Database Recap

22 APNIC Database
Public network management database
– APNIC whois database contains: Internet resource information and contact details
– APNIC Routing Registry (RR) contains: routing information
APNIC RR is part of the IRR
– Distributed databases that mirror each other

23 Database Object
An object is a set of attributes and values
Each attribute of an object...
– Has a value
– Has a specific syntax
– Is mandatory or optional
– Is single- or multi-valued
Some attributes...
– Are primary (unique) keys
– Are lookup keys for queries
– Are inverse keys for queries
Object "templates" illustrate this structure

24 Person Object Example
Person objects contain contact information (attribute: value):

person: Test Person
address: ExampleNet Service Provider
address: 2 Pandora St Boxville
address: Wallis and Futuna Islands
country: TC
phone: +680-368-0844
fax-no: +680-367-1797
e-mail: tperson@example.com
nic-hdl: TP17-AP
mnt-by: MAINT-ENET-TC
changed: tperson@example.com 20090731
source: APNIC

25 Database Queries
Flags used for inetnum queries:
(none)  find exact match
-l      find one level less specific matches
-L      find all less specific matches
-m      find first level more specific matches
-M      find all more specific matches
-x      find exact match (if no match, nothing)
-d      enables use of flags for reverse domains
-r      turn off recursive lookups

26 Database Protection
Authorisation
– "mnt-by" references a mntner object
– Can be found in all database objects
– "mnt-by" should be used with every object!
Authentication
– Updates to an object must pass the authentication rule specified by its maintainer object

27 Prerequisites for Updating Objects
Create person objects for contacts
– To provide contact info in other objects
Create a mntner object
– To provide protection of objects
Protect your person object

28 APNIC Database and the IRR

29 APNIC Database & the IRR
APNIC whois Database
– Two databases in one
Public Network Management Database
– "whois" info about networks & contact persons: IP addresses, AS numbers etc.
Routing Registry
– Contains routing information: routing policy, routes, filters, peers etc.
– APNIC RR is part of the global IRR

30 Integration of Whois and IRR
Integrated APNIC Whois Database & Internet Routing Registry: Internet resources & routing information
– APNIC Whois: IP, ASNs, reverse domains, contacts, maintainers etc. (objects: inetnum, aut-num, domain, person, role, maintainer)
– IRR: routes, routing policy, filters, peers etc. (objects: route, aut-num, as-set, inet-rtr, peering-set etc.)

31 Inter-related IRR Objects
inetnum: 202.0.16.0 - 202.0.16.255
…
tech-c: KX17-AP
mnt-by: MAINT-EX

aut-num: AS1
…
tech-c: KX17-AP
mnt-by: MAINT-EX

route: 202.0.16/24
origin: AS1
…
mnt-by: MAINT-EX

person: …
nic-hdl: KX17-AP
…

mntner: MAINT-EX
…

32 Inter-related IRR Objects
aut-num: AS2
…

inetnum: 202.0.16.0 - 202.0.31.255
…

route: 202.0.16/20
…
origin: AS2
…

inetnum: 218.2.0.0 - 218.2.15.255
…

route: 218.2/20
…
origin: AS2
…

as-set: AS1:AS-customers
members: AS10, AS11, AS2

route-set: AS2:RS-routes
members: 218.2/20, 202.0.16/20

aut-num: AS10
…

aut-num: AS11
…

33 Hierarchical Authorisation
mnt-routes
– Authenticates creation of route objects
– Creation of route objects must pass authentication of the mntner referenced in the mnt-routes attribute
– Format: mnt-routes: <mntner name>
– Found in: route, aut-num, inetnum

34 Authorisation Mechanism
inetnum: 202.137.181.0 - 202.137.196.255
netname: SPARKYNET-TC
descr: SparkyNet Service Provider
…
mnt-by: APNIC-HM
mnt-lower: MAINT-SPARKYNET1-TC
mnt-routes: MAINT-SPARKYNET2-TC

– mnt-by: this object can only be modified by APNIC
– mnt-lower: creation of more specific objects within this range has to pass the authentication of MAINT-SPARKYNET1-TC
– mnt-routes: creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET2-TC

35 Creating Route Objects
Multiple authentication checks:
– The originating ASN (aut-num): the mntner in mnt-routes is checked; if there is no mnt-routes, mnt-lower is checked; if there is no mnt-lower, mnt-by is checked
– AND the address space (inetnum, plus any exact-match or less-specific route): mnt-routes etc.
– AND the route object's mntner itself: the mntner in its mnt-by attribute

36 Creating Route Objects
Objects involved:

mntner: MAINT-WF-EXNET
auth: CRYPT-PW klsdfji9234
(maintainer)

inetnum: 202.137.240.0 - 202.137.255.255
mnt-routes: MAINT-WF-EXNET
(IP address range)

aut-num: AS1
mnt-routes: MAINT-WF-EXNET
(AS number)

route: 202.137.240/20
origin: AS1
(route)

Steps:
1. Create the route object and submit it to the APNIC RR database
2. DB checks the aut-num object corresponding to the ASN in the route object
3. Route object creation must pass auth of the mntner specified in the aut-num mnt-routes attribute
4. DB checks the inetnum object matching/encompassing the IP range in the route object
5. Route object creation must pass auth of the mntner specified in the inetnum mnt-routes attribute
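The multi-step check on slides 35 and 36 can be modelled in a few dozen lines. The block below is an added example written for this tutorial, not APNIC's database code: the registry objects are constructed to mirror slide 36 (plus a second aut-num and inetnum to exercise the mnt-lower/mnt-by fallback), and "authentication" is abstracted to a set of maintainer names the submitter has already proven control of, since the CRYPT-PW mechanics are not the point.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed registry objects modelled on slide 36 (hypothetical data, not a
# live registry dump). Each object is a dict of attribute -> list of values.
DB = {
    "aut-num": {
        "AS1": {"mnt-by": ["MAINT-WF-EXNET"], "mnt-routes": ["MAINT-WF-EXNET"]},
        # AS2 has neither mnt-routes nor mnt-lower, so its mnt-by is what gets checked
        "AS2": {"mnt-by": ["MAINT-OTHER"]},
    },
    "inetnum": [
        {"range": "202.137.240.0 - 202.137.255.255",
         "mnt-by": ["APNIC-HM"], "mnt-routes": ["MAINT-WF-EXNET"]},
        {"range": "202.137.0.0 - 202.137.255.255",
         "mnt-by": ["APNIC-HM"], "mnt-lower": ["MAINT-OTHER"]},
    ],
}

# The route object being submitted (slide 36 writes the prefix as 202.137.240/20;
# the ipaddress module needs the full dotted form)
SAMPLE_ROUTE = {"route": "202.137.240.0/20", "origin": "AS1", "mnt-by": ["MAINT-WF-EXNET"]}


def authorising_mntners(obj: Dict[str, List[str]]) -> Tuple[str, List[str]]:
    """mnt-routes wins; fall back to mnt-lower, then mnt-by (slide 35)."""
    for attr in ("mnt-routes", "mnt-lower", "mnt-by"):
        if obj.get(attr):
            return attr, obj[attr]
    return "", []


def covering_inetnums(prefix: str, inetnums: List[Dict[str, List[str]]]):
    """inetnum objects that exactly match or encompass prefix, most specific first."""
    net = ipaddress.ip_network(prefix, strict=True)
    found = []
    for obj in inetnums:
        lo, hi = (ipaddress.ip_address(x.strip()) for x in obj["range"].split("-"))
        if lo.version != net.version:
            continue
        if lo <= net[0] and net[-1] <= hi:
            found.append((int(hi) - int(lo), obj))
    found.sort(key=lambda t: t[0])
    return [obj for _, obj in found]


def check_route_creation(route: Dict, credentials: Set[str], db=DB) -> Tuple[bool, List[str]]:
    """Return (allowed, log). `credentials` is the set of mntner names the
    submitter has successfully authenticated as; every check must pass."""
    log: List[str] = []
    ok = True

    def passes(label: str, mnts: List[str]) -> None:
        nonlocal ok
        hit = bool(set(mnts) & credentials)
        log.append(f"{label} {mnts}: {'pass' if hit else 'FAIL'}")
        ok = ok and hit

    # Steps 2-3: the aut-num of the origin ASN
    autnum = db["aut-num"].get(route["origin"])
    if autnum is None:
        return False, [f"no aut-num for {route['origin']}"]
    attr, mnts = authorising_mntners(autnum)
    passes(f"aut-num {route['origin']} {attr}", mnts)

    # Steps 4-5: the most specific inetnum matching/encompassing the prefix
    covering = covering_inetnums(route["route"], db["inetnum"])
    if not covering:
        return False, log + [f"no inetnum covers {route['route']}"]
    attr, mnts = authorising_mntners(covering[0])
    passes(f"inetnum {covering[0]['range']} {attr}", mnts)

    # The route object's own maintainer
    passes("route mnt-by", route["mnt-by"])
    return ok, log


if __name__ == "__main__":
    for creds in ({"MAINT-WF-EXNET"}, {"MAINT-OTHER"}):
        allowed, trail = check_route_creation(SAMPLE_ROUTE, creds)
        print(creds, "->", "created" if allowed else "rejected")
        for line in trail:
            print("   ", line)
```

The same function also shows why the fallback order matters: with origin AS2 (no mnt-routes) the aut-num check falls through to mnt-by, so a submitter who only controls MAINT-WF-EXNET is refused even though the inetnum check would pass.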

37 Using RPSL in practice

38 Overview
Review examples of routing policy expression
– Peering policies
– Filtering policies
– Backup connection
– Multihoming policies

39 RPSL - review
Purpose of RPSL
– Allows specification of your routing configuration in the public IRR
– Allows you to check "consistency" of policies and announcements
– Gives opportunities to consider the policies and configuration of others

40 Address Prefix Range Operators
Operator  Meaning
^-        Exclusive more specifics of the address prefix. E.g. 128.9.0.0/16^- contains all more specifics of 128.9.0.0/16, excluding 128.9.0.0/16 itself
^+        Inclusive more specifics of the address prefix. E.g. 5.0.0.0/8^+ contains all more specifics of 5.0.0.0/8, including 5.0.0.0/8 itself

41 Address Prefix Range Operators (cont.)
Operator  Meaning
^n        n = integer; stands for all the length-n specifics of the address prefix. E.g. 30.0.0.0/8^16 contains all the more specifics of 30.0.0.0/8 which are of length 16, such as 30.9.0.0/16
^n-m      n, m = integers; stands for all the length-n to length-m specifics of the address prefix. E.g. 30.0.0.0/8^24-32 contains all the more specifics of 30.0.0.0/8 which are of length 24 to 32, such as 30.9.9.96/28

42 AS-path regular expressions
Regular expressions
– A context-independent syntax that can represent a wide variety of character sets and character set orderings
– These character sets are interpreted according to the current The Open Group Base Specifications (IEEE)
Can be used as a policy filter by enclosing the expression in "< >".

43 Filter List - Regular Expression
Like Unix regular expressions.
.    Match one character
*    Match any number of preceding expression
+    Match at least one of preceding expression
^    Beginning of line
$    End of line
\    Escape a regular expression character
_    Beginning, end, white-space, brace
|    Or
()   Brackets to contain expression
[ ]  Brackets to contain number ranges
Source: www.cisco.com

44 AS-path Regular Expression
(Operator column not captured in the transcript; the meanings listed are:)
– Routes whose AS-path contains AS3
– Routes whose AS-path starts with AS1
– Routes whose AS-path ends with AS2
– Routes whose AS-path is exactly "1 2 3"
– AS-path starts with AS1 and ends in AS2, with any number of ASNs in between
– AS-path starts with AS3 and ends in AS3; AS3 is the first member of the path and occurs one or more times, and no other AS can be present in the path after AS3

45 AS-path Regular Expression (cont.)
(Operator column not captured in the transcript; the meanings listed are:)
– Routes whose AS-path contains AS3 or AS4
– Routes whose AS-path has AS3 followed by AS4
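The only operator on slide 43 that plain regex engines lack is `_`, which on a router matches the start or end of the path, white space or a brace. The block below is an added example (mine, not from the slides or from Cisco): it translates a Cisco-style AS-path expression into Python `re` syntax and applies it to constructed AS paths. The expressions in FILTERS are my own renderings of the meanings listed on slides 44 and 45, since the slides' operator column did not survive the transcript.

```python
import re
from typing import List, Tuple


def to_python_regex(cisco_re: str) -> str:
    """Translate a Cisco-style AS-path regex to Python `re` syntax.

    Every operator on slide 43 except `_` already means the same thing in
    Python; `_` (start, end, white space or brace) is rewritten as a
    non-capturing alternation. An escaped `\\_` is left alone."""
    return re.sub(r"(?<!\\)_", lambda _m: r"(?:^|$|\s|[{}])", cisco_re)


def aspath_matches(cisco_re: str, as_path: List[int]) -> bool:
    """True if the AS path (leftmost = neighbour that sent the route) matches."""
    path_str = " ".join(str(asn) for asn in as_path)
    return re.search(to_python_regex(cisco_re), path_str) is not None


def apply_aspath_filter(cisco_re: str, routes: List[Tuple[str, List[int]]]) -> List[str]:
    """Return the prefixes whose AS path is accepted by the filter."""
    return [prefix for prefix, path in routes if aspath_matches(cisco_re, path)]


# Constructed sample routes (prefix, AS path); not taken from any real table
SAMPLE_ROUTES = [
    ("192.0.2.0/24", [1, 3, 2]),
    ("198.51.100.0/24", [13, 2]),
    ("203.0.113.0/24", [3, 3, 3]),
    ("2001:db8::/32", [1, 5, 4, 2]),
]

# My expressions for the meanings on slides 44 and 45
FILTERS = {
    "contains AS3": "_3_",
    "starts with AS1": "^1_",
    "ends with AS2": "_2$",
    "exactly 1 2 3": "^1 2 3$",
    "starts AS1, ends AS2, anything between": "^1_.*_2$",
    "only AS3, one or more times": "^(3_)+$",
    "contains AS3 or AS4": "_3_|_4_",
    "AS3 directly followed by AS4": "_3_4_",
}

if __name__ == "__main__":
    for meaning, expr in FILTERS.items():
        print(f"{meaning:40s} {expr:12s} -> {apply_aspath_filter(expr, SAMPLE_ROUTES)}")
```

The 198.51.100.0/24 route (path "13 2") is the reason `_` exists: a naive `3` would match inside AS13, while `_3_` does not.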

46 Common Peering Policies
Peering policies of an AS
– Registered in an aut-num object
Diagram: Internet, AS1, AS2 (ISP / transit provider), AS3, AS4 and AS5 (customers)

47 Common Peering Policies
Policy for AS3 in the AS2 aut-num object:

aut-num: AS2
as-name: SAMPLE-NET
descr: Sample AS
import: from AS1 accept ANY
import: from AS3 accept
export: to AS3 announce AS2
export: to AS1 announce AS2 AS3
admin-c: TP1-AP
tech-c: TP2-AP
mnt-by: MAINT-SAMPLE-AP
changed: sample@sample.net

48 Transit Provider Policies
Peering policies of an AS
– Registered in an aut-num object
Diagram: Internet, AS1, AS2 (ISP / transit provider), AS3, AS4 and AS5 (customers)

49 ISP Customer – Transit Provider Policies
Policy for AS3 and AS4 in the AS2 aut-num object:

aut-num: AS2
import: from AS1 accept ANY
import: from AS3 accept
import: from AS4 accept
export: to AS3 announce ANY
export: to AS4 announce ANY
export: to AS1 announce AS2 AS3 AS4

50 AS-set Object
Describes the customers of AS2:

as-set: AS2:AS-CUSTOMERS
members: AS3 AS4
changed: sample@sample.net
source: APNIC

51 Aut-num Object Referring to an as-set Object
aut-num: AS2
import: from AS1 accept ANY
import: from AS2:AS-CUSTOMERS accept
export: to AS2:AS-CUSTOMERS announce ANY
export: to AS1 announce AS2 AS2:AS-CUSTOMERS

aut-num: AS1
import: from AS2 accept
export: ………

52 Express Filtering Policy
To limit the routes one accepts from a peer
– To prevent the improper use of unassigned address space
– To prevent malicious use of another organisation's address space

53 Filtering Policy
AS2 is the upstream of AS3; 7.7.0.0/20 is allocated to AS3 by an RIR.
– AS3 wants to announce part or all of 7.7.0.0/20 on the global Internet.
– AS2 wants to be certain that it only accepts announcements from AS3 for address space that has been properly allocated to AS3.

54 Aut-num Object with Filtering Policy
aut-num: AS2
import: from AS3 accept { 7.7.0.0/20^20-24 }
…….

For an ISP with a growing or changing customer base, this mechanism will not scale well. A route-set object can be used instead.
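To make the range operators of slides 40 and 41 and the filter on slide 54 concrete, here is an added example (my code, not from the slides or from any IRR tool) that evaluates `^-`, `^+`, `^n` and `^n-m` expressions against candidate prefixes and then applies AS2's `{ 7.7.0.0/20^20-24 }` import filter to a constructed set of announcements from AS3. It goes a little beyond the slides by handling IPv6 prefixes and rejecting out-of-range operators such as `30.0.0.0/8^4`.

```python
import ipaddress
from typing import List, Tuple


def parse_prefix_expr(expr: str):
    """Split an RPSL address-prefix expression into (network, min_len, max_len).

    Supported suffixes, as on slides 40-41: none, ^-, ^+, ^n, ^n-m."""
    base, _, op = expr.partition("^")
    net = ipaddress.ip_network(base, strict=True)
    plen, maxlen = net.prefixlen, net.max_prefixlen
    if op == "":
        return net, plen, plen            # the prefix itself only
    if op == "-":
        return net, plen + 1, maxlen      # exclusive more specifics
    if op == "+":
        return net, plen, maxlen          # inclusive more specifics
    if "-" in op:
        n, m = (int(x) for x in op.split("-", 1))   # ^n-m
    else:
        n = m = int(op)                             # ^n
    if not plen <= n <= m <= maxlen:
        raise ValueError(f"range operator out of bounds in {expr!r}")
    return net, n, m


def prefix_matches(expr: str, candidate: str) -> bool:
    """True if `candidate` is covered by the expression (same address family,
    inside the base prefix, and of an allowed length)."""
    base, lo, hi = parse_prefix_expr(expr)
    cand = ipaddress.ip_network(candidate, strict=True)
    return (cand.version == base.version
            and lo <= cand.prefixlen <= hi
            and cand.subnet_of(base))


def filter_set_accepts(filter_exprs: List[str], candidate: str) -> bool:
    """RPSL `{ expr, expr, ... }` set: accept if any member matches."""
    return any(prefix_matches(e, candidate) for e in filter_exprs)


def apply_import_filter(filter_exprs: List[str],
                        announcements: List[str]) -> Tuple[List[str], List[str]]:
    """Return (accepted, rejected) for a list of announced prefixes."""
    accepted = [p for p in announcements if filter_set_accepts(filter_exprs, p)]
    rejected = [p for p in announcements if p not in accepted]
    return accepted, rejected


# Slide 54:  import: from AS3 accept { 7.7.0.0/20^20-24 }
AS3_FILTER = ["7.7.0.0/20^20-24"]

# Constructed announcements from AS3 (not a real BGP session): the aggregate,
# two legitimate deaggregates, an over-long /25, an address outside the block,
# and a hijack-style announcement of someone else's /8
AS3_ANNOUNCEMENTS = ["7.7.0.0/20", "7.7.4.0/22", "7.7.15.0/24",
                     "7.7.15.0/25", "7.8.0.0/24", "5.0.0.0/8"]

if __name__ == "__main__":
    accepted, rejected = apply_import_filter(AS3_FILTER, AS3_ANNOUNCEMENTS)
    print("accepted:", accepted)
    print("rejected:", rejected)
```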

55 IRRToolSet
Set of tools developed for using the Internet Routing Registry (IRR)
Works with Internet routing policies
– These policies are stored in the IRR in the Routing Policy Specification Language (RPSL)
The goal of the IRRToolSet is to make routing information more convenient and useful for network engineers
– Tools for automated router configuration
– Routing policy analysis
– On-going maintenance etc.

56 IRRToolSet
Download: ftp://ftp.isc.org/isc/IRRToolSet/
Installation needs: lex, yacc and a C++ compiler

root@bofh:~ # wget ftp://ftp.isc.org/isc/IRRToolSet/IRRToolSet-5.0.1/irrtoolset-5.0.1.tar.gz
root@bofh:~ # tar -zxvf irrtoolset-5.0.1.tar.gz
root@bofh:~ # cd irrtoolset-5.0.1
root@bofh:~/irrtoolset-5.0.1 # ./configure
root@bofh:~/irrtoolset-5.0.1 # make
root@bofh:~/irrtoolset-5.0.1 # make install

57 IRRToolSet
root@bofh:~ # whois -h whois.apnic.net AS17821
##### snipped #####
mp-import: afi any.unicast {
    from AS-ANY accept ANY AND NOT RS-MARTIANS;
  } refine {
    from AS-ANY action pref = 50; accept community.contains(17821:50);
    from AS-ANY action pref = 30; accept community.contains(17821:70);
    from AS-ANY action pref = 10; accept community.contains(17821:90);
    from AS-ANY action pref = 0; accept ANY;
  } refine afi ipv4.unicast {

58 IRRToolSet, RPSL: RtConfig (contd.)
Cisco-specific directives:
@rtconfig set cisco_map_name =
@rtconfig set cisco_map_first_no =
@rtconfig set cisco_map_increment_by =
@rtconfig set cisco_prefix_acl_no =
@rtconfig set cisco_aspath_acl_no =
@rtconfig set cisco_pktfilter_acl_no =
@rtconfig set cisco_community_acl_no =
@rtconfig set cisco_access_list_no =
@rtconfig set cisco_max_preference =
@rtconfig networks
@rtconfig inbound_pkt_filter

59 IRRToolSet, RPSL: RtConfig (contd.)
Junos-specific directives:
@rtconfig set junos_policy_name =
@rtconfig networks

60 IRRToolSet, RPSL: RtConfig Input File (Provision)
router bgp 17821
 neighbor 103.4.108.54 remote-as 131107
 neighbor 103.4.108.54 version 4
!
# X Communication Ltd
@RtConfig set cisco_access_list_no = 500
@RtConfig set cisco_map_name = "AS58715-IN"
@RtConfig import AS131208 103.4.108.62 AS58715 103.4.108.61
@RtConfig set cisco_access_list_no = 599
@RtConfig set cisco_map_name = "ANY"
@RtConfig export AS131208 103.4.108.62 AS58715 103.4.108.61
!
# xyz Ltd
@RtConfig set cisco_access_list_no = 501
@RtConfig set cisco_map_name = "AS58656-IN"
@RtConfig import AS131208 103.4.108.94 AS58656 103.4.108.93
@RtConfig set cisco_access_list_no = 599
@RtConfig set cisco_map_name = "ANY"
@RtConfig export AS131208 103.4.108.94 AS58656 103.4.108.93
!
end

61 Use of RPSL - RtConfig
RtConfig is part of IRRToolSet
Reads policy from the IRR (aut-num, route & -set objects) and generates router configuration
– Vendor specific: Cisco, Bay's BCC, Juniper's Junos and Gated/RSd
– Creates route-maps and AS-path filters
– Can also create ingress / egress filters

62 IRRToolSet, RPSL: Uploading Configuration
Various ways to upload configuration:
– SNMP write
– NETCONF (XML based)
– Automated script using expect

63 Why use IRR and RtConfig?
Benefits of RtConfig
– Avoids filter errors (typos)
– Expertise is encoded in the tools that generate the policy rather than in the engineer configuring the peering session
– Filters are consistent with documented policy (the policy itself still needs to be correct)

64 New Initiative RPKI

65 What is RPKI?
Resource Public Key Infrastructure (RPKI)
– A robust security framework for verifying the association between resource holders and their Internet resources
– Created to address the issues in RFC 4593 "Generic Threats to Routing Protocols"
Helps to secure Internet routing by validating routes
– Proof that prefix announcements are coming from the legitimate holder of the resource

66 Benefits of RPKI - Routing
Similar objective to the IRR, but in a robust and scalable way
Prevents route hijacking
– A prefix originated by an AS without authorization
– Reason: malicious intent
Prevents mis-origination
– A prefix that is mistakenly originated by an AS which does not own it
– Also route leakage
– Reason: configuration mistake / fat finger

67 BGP Security (BGPsec)
Extension to BGP that provides improved security for BGP routing
Currently an IETF Internet draft
Implemented via a new optional non-transitive BGP path attribute that contains a digital signature
Two things:
– BGP prefix origin validation (using RPKI)
– BGP path validation
Similar efforts in the early days: IDR working group, S-BGP

68 RPKI Infrastructure
A system to manage the creation and storage of digital certificates and the associated Route Origin Authorization documents
Main components
– Certificate Authority (CA)
– Relying Party (RP)
– Routers with RPKI support

69 Issuing Party
Internet Registries (RIR, NIR, large LIRs)
– Act as a Certificate Authority and issue certificates for customers
– Provide a web interface to issue ROAs for customer prefixes
– Publish the ROA records
Diagram: MyAPNIC GUI -> APNIC RPKI engine -> publication -> repository (rpki.apnic.net)

70 Route Origin Authorization (ROA)
A digital object that contains a list of address prefixes and one AS number
It is an authority created by a prefix holder to authorize an AS number to originate one or more specific route advertisements
Publish a ROA using MyAPNIC

71 X.509 Certificate with RFC 3779 Extension
Resource certificates are based on the X.509 v3 certificate format (RFC 5280)
Extended by RFC 3779, which binds a list of resources (IP, ASN) to the subject of the certificate
SIA (Subject Information Access) contains a URI that references the directory
Diagram: X.509 certificate carrying the RFC 3779 extension, the SIA and the owner's public key

72 Relying Party (RP)

73 RPKI Components

74 Router Origin Validation
Router must support RPKI
Checks an RP cache / validator
Validation returns 3 states:
– Valid = when authorization is found for prefix X from ASN Y
– Invalid = when authorization is found for prefix X but not from ASN Y
– Unknown = when no authorization data is found
Vendor support:
– Cisco IOS: solid in 15.2
– Cisco IOS XR: shipped in 4.3.2
– Juniper: shipped in 12.2
– Alcatel-Lucent: in development
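The three states above are what an RP cache hands to the router. The block below is an added example, not code from the slides, from any RP software or from a router vendor: it implements the origin-validation decision (RFC 6811, which calls the third state NotFound) against a small set of ROAs constructed for the prefixes and ASNs used on slides 5 to 9. Note that the ROA maxLength is what decides whether a more specific announced by the right AS is still valid.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ROA:
    """One ROA entry as a cache hands it to the router: prefix, max length, origin AS."""
    prefix: str
    asn: int
    max_length: Optional[int] = None   # None => same as the prefix length

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix, strict=True)

    @property
    def effective_max_length(self) -> int:
        return self.network.prefixlen if self.max_length is None else self.max_length


def validate_origin(prefix: str, origin_asn: int, roas: List[ROA]) -> str:
    """Route origin validation (the three states on slide 74).

    - no ROA covers the prefix                          -> "unknown"
    - a covering ROA names the origin AS and the
      announced length is within its maxLength          -> "valid"
    - covering ROAs exist but none of them matches      -> "invalid"
    """
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas
                if r.network.version == net.version and net.subnet_of(r.network)]
    if not covering:
        return "unknown"
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.effective_max_length:
            return "valid"
    return "invalid"


# Constructed ROAs for the prefixes and ASNs on slides 5-9; hypothetical,
# not fetched from any repository.
SAMPLE_ROAS = [
    ROA("3fff:ffff::/32", 17821, max_length=48),   # ISP block, may be deaggregated down to /48
    ROA("2001:0db8::/32", 64500),                  # customer's portable prefix, exact length only
]


def validate_table(routes: List[Tuple[str, int]], roas: List[ROA] = SAMPLE_ROAS):
    """Annotate (prefix, origin) pairs with their state, like the V/I/N flags in 'show ip bgp'."""
    return [(p, asn, validate_origin(p, asn, roas)) for p, asn in routes]


if __name__ == "__main__":
    # Constructed announcements: the option-4 customer, a hijack of it, an over-long
    # more specific, the option-3 customer with its own ASN, and an uncovered prefix
    sample = [("2001:db8::/32", 64500), ("2001:db8::/32", 64496),
              ("2001:db8:1::/48", 64500), ("3fff:ffff:dcdc::/48", 17821),
              ("3fff:ffff:dcdc::/48", 64500), ("203.0.113.0/24", 64500)]
    for prefix, asn, state in validate_table(sample):
        print(f"{state:8s} {prefix:22s} origin AS{asn}")
```

The option-3 case on slide 8 is the instructive one: the customer's /48 is cut from the ISP's block, so a ROA for AS17821 alone makes the customer's own AS64500 origin Invalid. The ISP would also need a ROA for 3fff:ffff:dcdc::/48 with origin AS64500 before dropping Invalid routes.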

75 How to start?
Create ROA records in MyAPNIC
Build an RP cache
Configure your router to use the cache (or a public one)
Create BGP policies

76 How to build an RP cache
Download and install from rpki.net
Instructions: https://trac.rpki.net/wiki/doc/RPKI/Installation/UbuntuPackages

77 Configure Router to Use Cache
router bgp 17821
 …
 bgp rpki server tcp 10.0.0.3 port 43779 refresh 60
 bgp rpki server tcp 147.28.0.84 port 93920 refresh 60

78 How does it look in the BGP table?
r0.sea#sh ip bgp (RPKI Lab – Randy Bush)
Output columns: Network, Next Hop, Metric, LocPrf, Weight, Path. Each entry carries its validation state in front of the prefix:
– I (invalid): 198.180.150.0
– V (valid): 198.180.152.0
– N (not found): 198.180.155.0, 198.180.160.0
Next hops in the capture: 144.232.9.61, 199.238.113.9, 129.250.11.41. AS paths in the capture: 1239 3927, 2914 3927, 2914 4128, 2914 22773, 5752, 2914 23308 13408.

79 Member Services Helpdesk
– One point of contact for all member enquiries
– Online chat services
More personalised service
– Range of languages: Bahasa Indonesia, Bengali, Cantonese, English, Hindi, Mandarin, Thai, etc.
Faster response and resolution of queries
– IP resource applications, status of requests, obtaining help in completing application forms, membership enquiries, billing issues & database enquiries
Helpdesk hours: 9:00 am - 9:00 pm (AU EST, UTC+10)
ph: +61 7 3858 3188   fax: +61 7 3858 3199


81 Thank You

