PLNOG14, Warsaw, Poland
Quo Vadis RPKI?
Andrzej Wolski
Training Services
RIPE NCC
Andrzej Wolski – PLNOG 14 – Warsaw, Poland

Internet Registry System
• IANA
- AFRINIC: Africa
- APNIC: Asia Pacific
- ARIN: North America
- LACNIC: Latin America
- RIPE NCC: Eurasia, Middle East

Who we are?
• RIPE NCC
- Located in Amsterdam
- Not for profit membership organisation
- One of five RIRs
• RIPE Community
- Open community
- Develops policies
- Organised in Working Groups

What we do?
• Distribute IP addresses and AS numbers
• Support RIPE community
• RIPE Database
• Resource Certification (RPKI)
• Reverse DNS and K-root server
• Training
• Research and Statistics
• Tools and measurements (RIPE Atlas, RIPEstat)

The State of the Global Routing
• Largely a trust-based system
- Maximum prefix lists
- Static prefix lists
- IRR sourced
- Often unfiltered
• Auditing is almost impossible

Types of Routing Incidents
• Misconfiguration
- No malicious intentions
- Software bugs
• Malicious
- Competition
- Claiming “unused” space
• Targeted Traffic Misdirection
- Collect and/or tamper with data

BGP Hijacking events in 2014
• Turkey Censorship
- Affected open DNS resolvers: Google / Open DNS / Level3

• Syrian Telecom
- 1480 prefixes

- 206 ASNs

• The Bitcoin Hijack
- 51 prefixes

- 19 ASNs

Fly-By Spammers

The Case for BGP Origin Validation
“Would you like a reliable way of telling whether a
BGP Route Announcement is authorised by the
legitimate holder of the address space?”

That Should Be Easy, Right?!
• Current legitimate holder should be able to make a statement to protect its resources that:

- specifies which AS can originate your prefix, and

- what the maximum length of that prefix is…

[Figure: Route Origin Authorization form with fields AS Number, Prefix and Maximum Length, and a Submit button]

RPKI: Ultra Quick Intro
• RIR becomes a Certificate Authority

- Puts IPs and ASNs on a digital certificate; issues to LIRs

- LIRs use certificate to make statements about their IPs

- Statement is called a Route Origin Authorization (ROA)

• BGP Origin Validation

- Out-of-band solution (whitelisting)

- Operators validate and compare ROAs to real-world BGP

• Authorised announcements make them happy 😊

• Unauthorised announcements make them sad 😡

PLNOG 10: "BGP Origin Validation with RPKI" Alex Band

Slow start
• RIPE NCC worked on a prototype since 2006

• Launched an open beta mid-2010

- Get operational experience and feedback before launch

• A limited production service on 1 January 2011

- Only LIR’s address space (no PI, no Legacy)

- Only hosted system available with a web interface

- No production grade support for Delegated RPKI

- First version of RIPE NCC Validator

• Other types of address space added with time

Keeping It Simple
• Conscious decision to keep it simple

- Offer a stable and robust service

- Gain operational experience

- Gather user feedback 

- Automate all crypto complexity

• Mantra: Simplicity will spur on adoption

- RPKI is a new technology

- Small to no gains for early adopters

- Avoid making users jump through burning hoops

Certification v1

Certification v2

Certification v3

Less Functionality, More Usability
• Automate signing and key roll overs

- One click setup of resource certificate

- User has a valid and published certificate for as long as they are the holder of the resources

- Changes in resource holdership are handled automatically

• Hide all the crypto complexity from the UI

- Hashes, SIA and AIA pointers, etc.

• Just focus on creating and publishing ROAs

- Match your intended BGP configuration

The current global reality…

People Requesting a Certificate
Source: http://certification-stats.ripe.net

People Actually Creating ROAs
Source: http://certification-stats.ripe.net

Results
Source: http://certification-stats.ripe.net

Results
Source: http://www.potaroo.net/ispcol/2015-01/bgp2014.html

Results
Source: http://rpki.surfnet.pl/

A Success Story
• Ecuador Internet Exchange (NAP.EC)

- two Cisco ASR-1001 route servers in different locations

- two redundant servers installed

• each one with two different validators

- RIPE NCC and rpki.net

• Origin validation was implemented in the route servers

• No action was taken regarding RPKI validity status

What Operators Tell Us…
• Give me new data faster!

• Running the delegated model is not interesting

- They prefer an API into the hosted system for now

• Used to have stale route objects, now stale ROAs

• The various relying party tools are not that mature

• There are different flavours of invalid announcement but I can’t filter on them in my router

- “Unauthorized AS” and “Too specific prefix”

Our Future Plans
• Merge IRR ‘route’ object management in RPKI UI

• Replace rsync as protocol for fetching data

- something faster and more scalable (HTTP)

• Support Inter-RIR transfers

• Aligning efforts between RIRs

• Production support for the delegated model

- Yes, really… 😉

• End Goal: Path Validation (BGPSEC)

• Major change to BGP msgs (on-line crypto)

Why Should You Care?
• Your inbound and outbound traffic can be passively intercepted
• Your data can be:
- stored
- dropped
- filtered
- modified
• It’s unlikely to be noticed, unless you’re looking for it

What Should You DO?
• Go to LIR Portal > Resource Certification

• create your CA

• create Route Origin Authorisations (ROAs) for your announcements

• Feedback button and live chat in the mgmt UI

• Monthly webinars dedicated to RPKI

• Integral part of RIPE NCC Routing Security course

You decide
• As an announcer/LIR
- You choose if you want certification
- You choose if you want to create ROAs
- You choose AS, max length
• As a Relying Party
- You can choose if you use the validator
- You can override the lists of valid ROAs in the cache, adding or removing valid ROAs locally
- You can choose to make any routing decisions based on the results of the BGP Verification (valid/invalid/unknown)
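
The origin validation decision described on the ROA, operator-feedback and "You decide" slides, as an added Python example that is not from the slides or from any RIPE NCC tool; the comparison follows RFC 6811. The prefixes, AS numbers, the names `ROA`, `validate`, `effective_roas` and `decide`, and the policy table are assumptions constructed for illustration.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Tuple


class ROA(NamedTuple):
    """The three fields of a ROA: origin AS, prefix, maximum length."""
    asn: int
    prefix: str
    max_length: int


# Constructed sample cache: documentation prefixes and documentation ASNs only.
CACHE = [
    ROA(64500, "192.0.2.0/24", 24),
    ROA(64501, "203.0.113.0/24", 25),
    ROA(64502, "2001:db8::/32", 48),
]


def effective_roas(cache: Iterable[ROA],
                   local_add: Iterable[ROA] = (),
                   local_remove: Iterable[ROA] = ()) -> List[ROA]:
    """Apply a relying party's local additions and removals to the cache."""
    removed = set(local_remove)
    return [r for r in cache if r not in removed] + list(local_add)


def validate(prefix: str, origin_asn: int,
             roas: Iterable[ROA]) -> Tuple[str, str]:
    """Return (state, reason) for one BGP announcement.

    state is "valid", "invalid" or "unknown"; for invalid routes the reason
    separates "Unauthorized AS" from "Too specific prefix".
    """
    route = ipaddress.ip_network(prefix)
    covering = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route when the route lies inside the ROA prefix.
        if net.version == route.version and route.subnet_of(net):
            covering.append(roa)

    if not covering:
        return "unknown", "no covering ROA"

    # AS 0 in a ROA means nobody may originate the prefix, so it never matches.
    same_as = [r for r in covering if r.asn == origin_asn and r.asn != 0]
    if any(route.prefixlen <= r.max_length for r in same_as):
        return "valid", "matching ROA"
    if same_as:
        # Right origin AS, but announced longer than the ROA's maximum length.
        return "invalid", "Too specific prefix"
    # Covered by at least one ROA, none of which names this origin AS.
    return "invalid", "Unauthorized AS"


# Hypothetical local policies: the action per state is the operator's choice.
POLICIES = {
    "monitor": {"valid": "accept", "unknown": "accept", "invalid": "accept"},
    "prefer-valid": {"valid": "accept, local-pref 110",
                     "unknown": "accept, local-pref 100",
                     "invalid": "accept, local-pref 90"},
    "drop-invalid": {"valid": "accept", "unknown": "accept",
                     "invalid": "reject"},
}


def decide(prefix: str, origin_asn: int, roas: Iterable[ROA],
           policy: str = "monitor") -> Tuple[str, str, str]:
    """Validate an announcement and map its state to a policy action."""
    state, reason = validate(prefix, origin_asn, roas)
    return state, reason, POLICIES[policy][state]


if __name__ == "__main__":
    # Constructed announcements covering every outcome.
    announcements = [
        ("192.0.2.0/24", 64500),       # exact match
        ("192.0.2.0/24", 64511),       # wrong origin AS
        ("192.0.2.128/25", 64500),     # longer than max length 24
        ("203.0.113.128/25", 64501),   # allowed by max length 25
        ("198.51.100.0/24", 64500),    # no ROA covers this prefix
        ("2001:db8:1::/48", 64502),    # IPv6, within max length 48
        ("2001:db8:1:1::/64", 64502),  # IPv6, too specific
    ]
    for pfx, asn in announcements:
        print(pfx, f"AS{asn}", *decide(pfx, asn, CACHE, "drop-invalid"))
```

The "monitor" policy validates without acting on the result, which is the mode the NAP.EC slide describes.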

RPKI Support in Routers
• RPKI and the RPKI-RTR protocol are IETF standards
• All router vendors can implement it
• Cisco support:
- XR 4.2.1 (CRS-x, ASR9000, c12K) / XR 5.1.1 (NCS6000, XRv)
- XE 3.5 (C7200, c7600, ASR1K, CSR1Kv, ASR90x, ME3600…)
- IOS15.2(1)S
• Juniper has support since version 12.2
• Quagga has support through BGP-SRX
• BIRD has support for ROA but does not do RPKI-RTR

Community Activity
• Open source RPKI Tools

- rpki.net

• SURFnet RPKI Dashboard

- rpki.surfnet.nl

• BGPMon Route Monitoring

- bgpmon.net/services/route-monitoring/

• RIPE NCC Github

- github.com/RIPE-NCC

Questions?

ripe.net/certification
#RPKI
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 

Recently uploaded (20)

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa  Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa  Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

PLNOG14 Presentation on BGP Origin Validation with RPKI

  • 1. PLNOG14, Warsaw, Poland Quo Vadis RPKI? Andrzej Wolski Training Services RIPE NCC
  • 2. Andrzej Wolski – PLNOG 14 – Warsaw, Poland. Internet Registry System: IANA; AFRINIC (Africa), APNIC (Asia Pacific), ARIN (North America), LACNIC (Latin America), RIPE NCC (Eurasia, Middle East)
  • 3. Who we are?
      • RIPE NCC
          • Located in Amsterdam
          • Not for profit membership organisation
          • One of five RIRs
      • RIPE Community
          • Open community
          • Develops policies
          • Organised in Working Groups
  • 4. What we do?
      • Distribute IP addresses and AS numbers
      • Support RIPE community
      • RIPE Database
      • Resource Certification (RPKI)
      • Reverse DNS and K-root server
      • Training
      • Research and Statistics
      • Tools and measurements (RIPE Atlas, RIPEstat)
      • Resource Certification (RPKI)
  • 5. The State of the Global Routing
      • Largely a trust-based system
          • Maximum prefix lists
          • Static prefix lists
          • IRR sourced
          • Often unfiltered
      • Auditing is almost impossible
  • 6. Types of Routing Incidents
      • Misconfiguration
          • No malicious intentions
          • Software bugs
      • Malicious
          • Competition
          • Claiming “unused” space
      • Targeted Traffic Misdirection
          • Collect and/or tamper with data
  • 7. BGP Hijacking events in 2014
      • Turkey Censorship
          - Affected open DNS resolvers: Google / Open DNS / Level3
      • Syrian Telecom
          - 1480 prefixes
          - 206 ASNs
      • The Bitcoin Hijack
          - 51 prefixes
          - 19 ASNs
  • 8. Fly-By Spammers
  • 9. The Case for BGP Origin Validation
      “Would you like a reliable way of telling whether a BGP Route Announcement is authorised by the legitimate holder of the address space?”
  • 10. That Should Be Easy, Right?!
      • Current legitimate holder should be able to make a statement to protect its resources that:
          - specifies which AS can originate your prefix, and
          - what the maximum length of that prefix is…
      [Figure: Route Origin Authorization form: AS Number, Prefix, Maximum Length, Submit]
  • 11. RPKI: Ultra Quick Intro
      • RIR becomes a Certificate Authority
          - Puts IPs and ASNs on a digital certificate; issues to LIRs
          - LIRs use certificate to make statements about their IPs
          - Statement is called a Route Origin Authorization (ROA)
      • BGP Origin Validation
          - Out-of-band solution (whitelisting)
          - Operators validate and compare ROAs to real-world BGP
              • Authorised announcements make them happy 😊
              • Unauthorised announcements make them sad 😡
      PLNOG 10: "BGP Origin Validation with RPKI", Alex Band
  • 12. Slow start
      • RIPE NCC worked on a prototype since 2006
      • Launched an open beta mid-2010
          - Get operational experience and feedback before launch
      • A limited production service on 1 January 2011
          - Only LIR’s address space (no PI, no Legacy)
          - Only hosted system available with a web interface
          - No production grade support for Delegated RPKI
          - First version of RIPE NCC Validator
      • Other types of address space added with time
  • 13. Keeping It Simple
      • Conscious decision to keep it simple
          - Offer a stable and robust service
          - Gain operational experience
          - Gather user feedback
          - Automate all crypto complexity
      • Mantra: Simplicity will spur on adoption
          - RPKI is a new technology
          - Small to no gains for early adopters
          - Avoid making users jump through burning hoops
  • 14. Certification v1
  • 15. Certification v2
  • 16. Certification v3
  • 17. Less Functionality, More Usability
      • Automate signing and key roll overs
          - One click setup of resource certificate
          - User has a valid and published certificate for as long as they are the holder of the resources
          - Changes in resource holdership are handled automatically
      • Hide all the crypto complexity from the UI
          - Hashes, SIA and AIA pointers, etc.
      • Just focus on creating and publishing ROAs
          - Match your intended BGP configuration
  • 18. The current global reality…
  • 19. People Requesting a Certificate (Source: http://certification-stats.ripe.net)
  • 20. People Actually Creating ROAs (Source: http://certification-stats.ripe.net)
  • 21. Results (Source: http://certification-stats.ripe.net)
  • 22. Results (Source: http://www.potaroo.net/ispcol/2015-01/bgp2014.html)
  • 23. Results (Source: http://rpki.surfnet.pl/)
  • 24. A Success Story
      • Ecuador Internet Exchange (NAP.EC)
          - two Cisco ASR-1001 route servers in different locations
          - two redundant servers installed
              • each one with two different validators
                  - RIPE NCC and rpki.net
      • Origin validation was implemented in the route servers
      • No action was taken regarding RPKI validity status
  • 25. What Operators Tell Us…
      • Give me new data faster!
      • Running the delegated model is not interesting
          - They prefer an API into the hosted system for now
      • Used to have stale route objects, now stale ROAs
      • The various relying party tools are not that mature
      • There are different flavours of invalid announcement but I can’t filter on them in my router
          - “Unauthorized AS” and “Too specific prefix”
  • 26. Our Future Plans
      • Merge IRR ‘route’ object management in RPKI UI
      • Replace rsync as protocol for fetching data
          - something faster and more scalable (HTTP)
      • Support Inter-RIR transfers
      • Aligning efforts between RIRs
      • Production support for the delegated model
          - Yes, really… 😉
      • End Goal: Path Validation (BGPSEC)
      • Major change to BGP msgs (on-line crypto)
  • 27. Why Should You Care?
      • Your inbound and outbound traffic can be passively intercepted
      • Your data can be:
          • stored
          • dropped
          • filtered
          • modified
      • It’s unlikely to be noticed, unless you’re looking for it
  • 28. What Should You DO?
      • Go to LIR Portal > Resource Certification
          • create your CA
          • create Route Origin Authorisations (ROAs) for your announcements
      • Feedback button and live chat in the mgmt UI
      • Monthly webinars dedicated to RPKI
      • Integral part of RIPE NCC Routing Security course
  • 29. You decide
      • As an announcer/LIR
          • You choose if you want certification
          • You choose if you want to create ROAs
          • You choose AS, max length
      • As a Relying Party
          • You can choose if you use the validator
          • You can override the lists of valid ROAs in the cache, adding or removing valid ROAs locally
          • You can choose to make any routing decisions based on the results of the BGP Verification (valid/invalid/unknown)
  • 30. RPKI Support in Routers
      • RPKI and the RPKI-RTR protocol are IETF standards
      • All router vendors can implement it
      • Cisco support:
          • XR 4.2.1 (CRS-x, ASR9000, c12K) / XR 5.1.1 (NCS6000, XRv)
          • XE 3.5 (C7200, c7600, ASR1K, CSR1Kv, ASR90x, ME3600…)
          • IOS15.2(1)S
      • Juniper has support since version 12.2
      • Quagga has support through BGP-SRX
      • BIRD has support for ROA but does not do RPKI-RTR
  • 31. Community Activity
      • Open source RPKI Tools - rpki.net
      • SURFnet RPKI Dashboard - rpki.surfnet.nl
      • BGPMon Route Monitoring - bgpmon.net/services/route-monitoring/
      • RIPE NCC Github - github.com/RIPE-NCC
  • 32. Questions? ripe.net/certification #RPKI
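
Added example (not from the slides): a Python sketch of the origin-validation decision described on slides 10, 25 and 29, using the RFC 6811 matching rules and splitting "invalid" into the two flavours operators asked for. The ROAs and announcements are constructed from documentation prefixes and documentation ASNs, and the function names are this example's own.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maximum length, authorised origin AS).
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
    ("2001:db8:a000::/36", 36, 64502),
]

def load_roas(rows):
    """Parse ROA rows into (network, max_length, asn) tuples."""
    roas = []
    for prefix, max_len, asn in rows:
        net = ipaddress.ip_network(prefix)
        # Maximum length can never be shorter than the ROA prefix itself.
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"bad max length {max_len} for {prefix}")
        roas.append((net, max_len, asn))
    return roas

def validate(prefix, origin_as, roas):
    """Return (state, reason); state is 'valid', 'invalid' or 'unknown'."""
    route = ipaddress.ip_network(prefix)
    # A ROA covers the route when the route equals or sits inside its prefix.
    covering = [
        (net, max_len, asn) for net, max_len, asn in roas
        if net.version == route.version and route.subnet_of(net)
    ]
    if not covering:
        return ("unknown", None)  # no ROA speaks for this address space
    same_as = [r for r in covering if r[2] == origin_as]
    if any(route.prefixlen <= max_len for _, max_len, _ in same_as):
        return ("valid", None)
    # Covered, but no ROA authorises this (prefix length, origin AS) pair.
    if same_as:
        return ("invalid", "Too specific prefix")
    return ("invalid", "Unauthorized AS")

if __name__ == "__main__":
    roas = load_roas(SAMPLE_ROAS)
    # Constructed announcements: (prefix, origin AS).
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
                     ("192.0.2.0/24", 64511), ("203.0.113.0/24", 64500),
                     ("2001:db8:a000::/40", 64502)]:
        print(pfx, f"AS{asn}", validate(pfx, asn, roas))
```

One valid ROA is enough: a route covered by several ROAs is valid as soon as any of them matches both origin AS and length, which is why a more specific ROA for another AS does not invalidate the holder's own announcement.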