Deployment factors and Current status
Tomoya Yoshida
<yoshida@mfeed.ad.jp>
2015/3/3
Agenda
• RPKI deployment factors
• ROA cache in JP
• Issues
RPKI deployment factors
• RPKI service: 5 RIRs have. JPNIC’s service is coming soon
• Operational practice: RPKI hackathon/hands-on
• Router’s implementation: Cisco, Juniper, Alcatel etc.. getting enhanced
• Variety of tools: RPKI Tools and web-based tools
• Motivation / impact: Similar to Kaminsky DNS vulnerability?
Background
• In Asia (incl. Japan), the speed of RPKI deployment seems MUCH slower than in the RIPE region....
Fig. Number of ROAs, RIPE and APNIC (http://certification-stats.ripe.net/)
We want to accelerate the deployment of RPKI in Japan!
RPKI hands-on in Jul. 2014
• RPKI Hands-on seminar with JPNIC
• Made a survey of RPKI trend
Seminar participants’ voice
• “I can understand how important RPKI is.”
• “But, it is difficult to make my bosses and/or managers understand the cost of introducing it.”
• “I felt it is a bit difficult for small ISPs/networks to manage ROA cache server, both technically and operationally. We want a public one.”
JPNAP/JPNIC launched RPKI ROA Public cache
[Diagram labels: Internet; Multifeed (JPNAP) RPKI ROA cache; JPNIC RPKI ROA cache; RPKI ROA Service Segment; AS BGP Router; ROA cache server]
ROA Information
Prefix-Maxlen: 192.0.2.0/24-24
OriginAS: 64500
Using the rpki-rtr protocol you can receive RPKI ROA cache information from those servers.
IMF RPKI Project Page
http://www.jpnap.net/rpki/
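What a router receives from such a cache over rpki-rtr, shown as an added example (not code from the slides or from JPNAP/JPNIC): a decoder for the RFC 6810 version 0 PDUs that carry the ROA entry above. The byte stream, session ID 0x1234 and serial 1 are constructed sample values, and only three PDU types are handled.

```python
import ipaddress
import struct

# Field layout from RFC 6810 (rpki-rtr protocol version 0).
HEADER = struct.Struct("!BBHI")        # version, PDU type, session ID or zero, total length
IPV4_BODY = struct.Struct("!BBBB4sI")  # flags, prefix len, max len, zero, prefix, origin AS
CACHE_RESPONSE, IPV4_PREFIX, END_OF_DATA = 3, 4, 7


def frame(pdu_type, session, body=b""):
    """Build one version-0 PDU; used here only to construct the sample stream."""
    return HEADER.pack(0, pdu_type, session, HEADER.size + len(body)) + body


def ipv4_prefix_pdu(prefix, max_len, asn, announce=True):
    """Encode one ROA entry as an IPv4 Prefix PDU (flags bit 0: 1 = announce)."""
    net = ipaddress.IPv4Network(prefix)
    return frame(IPV4_PREFIX, 0, IPV4_BODY.pack(
        1 if announce else 0, net.prefixlen, max_len, 0,
        net.network_address.packed, asn))


def decode_stream(stream):
    """Decode cache-to-router bytes into session ID, serial and ROA entries.

    Raises ValueError on truncated or inconsistent PDUs instead of guessing.
    """
    result = {"session": None, "serial": None, "vrps": []}
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated PDU header")
        version, pdu_type, session, length = HEADER.unpack_from(stream, offset)
        if version != 0:
            raise ValueError(f"unsupported protocol version {version}")
        if length < HEADER.size or offset + length > len(stream):
            raise ValueError("PDU length field does not match the data")
        body = stream[offset + HEADER.size:offset + length]

        if pdu_type == CACHE_RESPONSE:
            if body:
                raise ValueError("Cache Response must be header only")
            result["session"] = session
        elif pdu_type == IPV4_PREFIX:
            if len(body) != IPV4_BODY.size:
                raise ValueError("IPv4 Prefix PDU must be 20 bytes")
            flags, plen, max_len, _zero, packed, asn = IPV4_BODY.unpack(body)
            if not plen <= max_len <= 32:
                raise ValueError("max length must lie between prefix length and 32")
            # strict parsing rejects a prefix with host bits set
            net = ipaddress.IPv4Network((packed, plen))
            action = "announce" if flags & 1 else "withdraw"
            result["vrps"].append((action, str(net), max_len, asn))
        elif pdu_type == END_OF_DATA:
            if len(body) != 4:
                raise ValueError("End of Data must carry a 4-byte serial")
            (result["serial"],) = struct.unpack("!I", body)
        else:
            raise ValueError(f"PDU type {pdu_type} not handled in this example")
        offset += length
    return result


# Constructed sample: one cache response carrying the slide's ROA entry
# (192.0.2.0/24-24, origin AS 64500). Session ID and serial are made up.
SAMPLE_STREAM = (
    frame(CACHE_RESPONSE, 0x1234)
    + ipv4_prefix_pdu("192.0.2.0/24", 24, 64500)
    + frame(END_OF_DATA, 0x1234, struct.pack("!I", 1))
)

if __name__ == "__main__":
    print(decode_stream(SAMPLE_STREAM))
```

Every field decodes directly from the TCP payload, which is why transport protection matters when the cache is reached over a shared or public path.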
Issues
• We cannot provide RPKI information from ARIN
  • The ARIN RPA (Relying Party Agreement) prohibits providing their data to a third party now.
• TLS encryption of RPKI-RTR (tcp:323) is not supported well for now
  • When using a public cache, it is important to encrypt the transferred data.
  • Currently, Cisco, Juniper and Alcatel don't support the rpki-rtr-tls protocol
• Strange behavior on JUNOS devices
  • When you enable validation on JUNOS routers, the router unexpectedly starts listening on tcp:2222.
  • It’s intended for router internal use only(?)
  • Be sure to filter out access to the above port from the Internet. Otherwise your router will suffer from scans/attacks targeting ssh port 2222, and may crash in the worst case. Horrible.
Issues
• Strange behavior on Cisco CSRs
  • “show ip bgp/show ip bgp ipv6 unicast” shows that all routes are VALID (which should be NOT FOUND) when
    1. your router has one or more BGP routes, and
    2. you first enable RPKI, and
    3. no ROA record has been received from the ROA cache server.
  • Once ANY ROA is received, all validation states are correctly shown as expected.
  • Cf. JUNOS shows those routes as “Unverified”
  • Weird. May be a bug?
  • Observed on Cisco CSR/IOS-XE version 03.12.00.S
• Workarounds:
  • Router reload
  • BGP reset
  • Shutdown BGP before configuring RPKI
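A reference check for the behaviour described above, added here as an example (not code from the slides or from any vendor): RFC 6811 origin validation in Python, used to compare the states a router displays with the states it should display. The route list and the "reported" states are constructed; only the ROA entry 192.0.2.0/24-24 with origin AS 64500 comes from the slides.

```python
import ipaddress


def origin_state(prefix, origin_asn, vrps):
    """RFC 6811 state of one route against ROA entries (prefix, max_len, asn)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue  # this entry does not cover the route
        covered = True
        if route.prefixlen <= max_len and origin_asn == vrp_asn:
            return "VALID"
    # Covered by at least one entry but matched by none: INVALID.
    # Covered by nothing (always true for an empty cache): NOT FOUND.
    return "INVALID" if covered else "NOT FOUND"


def audit_reported_states(reported, vrps):
    """Return (prefix, asn, shown, expected) for every state that disagrees.

    reported maps (prefix, origin_asn) to the state read off the router.
    """
    mismatches = []
    for (prefix, asn), shown in sorted(reported.items()):
        expected = origin_state(prefix, asn, vrps)
        if shown != expected:
            mismatches.append((prefix, asn, shown, expected))
    return mismatches


# ROA entry from the slides.
ROA_FROM_SLIDE = [("192.0.2.0/24", 24, 64500)]

# Constructed routes (documentation prefixes and AS numbers).
ROUTES = [
    ("192.0.2.0/24", 64500),     # matches the ROA
    ("192.0.2.0/24", 64501),     # covered, wrong origin AS
    ("192.0.2.0/25", 64500),     # covered, longer than max length 24
    ("198.51.100.0/24", 64502),  # not covered by any entry
]

# Constructed router view reproducing the symptom: no ROA received yet,
# but every route is displayed as VALID.
REPORTED_BEFORE_FIRST_ROA = {route: "VALID" for route in ROUTES}

if __name__ == "__main__":
    for prefix, asn in ROUTES:
        print(prefix, asn, origin_state(prefix, asn, ROA_FROM_SLIDE))
    for row in audit_reported_states(REPORTED_BEFORE_FIRST_ROA, []):
        print("mismatch:", row)
```

With an empty cache every route must come out NOT FOUND, so any VALID entry in the router's table at that point is a mismatch worth alerting on before policy is attached to validation state.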
Step by Step RPKI deployment on JPNAP
• STEP1
  • 1-1. Main: ISP’s ROA cache; Secondary: JPNAP ROA cache for backup
  • 1-2. At the initial stage, ISPs use the JPNAP ROA cache (for people who think it’s difficult to operate by themselves)
• STEP2
  • 2-1. How to see our routes at RPKI router?
  • 2-2. How to see our routes at Juniper RPKI validated router?
• STEP3
  • 3. RPKI validation at JPNAP route-server
[Diagram labels: Internet; ISPs; JPNAP; RFEED route-server; ARIN, RIPE, APNIC, LACNIC, AFRINIC; AS7521; RPKI testbed segment; Juniper; Cisco; ROA cache server]
RPKI deployment factors
• RPKI service: 5 RIRs have. JPNIC’s pilot, service is coming soon
• Operational practice: RPKI hackathon/hands-on
• Routers implementation: Cisco, Juniper, Alcatel etc.. getting enhanced
• Variety of tools: RPKI Tools and web-based tools
• Motivation / impact: Similar to Kaminsky DNS vulnerability?
Thank you!
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 

Deployment factors and Current status

  • 1. Deployment factors and Current status Tomoya Yoshida <yoshida@mfeed.ad.jp> 2015/3/3
  • 2. Agenda
      • RPKI deployment factors
      • ROA cache in JP
      • Issues
  • 3. RPKI deployment factors
      • Factors (diagram): RPKI service; Operational practice; Router’s implementation; variety of tools; Motivation / impact
      • Annotations (diagram): RPKI hackathon/hands-on; RPKI Tools and web-based tools; 5 RIRs have. JPNIC’s service is coming soon; Similar to Kaminsky DNS vulnerability?; Cisco, Juniper, Alcatel etc.. getting enhanced
  • 4. RPKI deployment factors
      • Factors (diagram): RPKI service; Operational practice; Router’s implementation; variety of tools; Motivation / impact
      • Annotations (diagram): RPKI hackathon/hands-on; RPKI Tools and web-based tools; 5 RIRs have. JPNIC’s service is coming soon; Similar to Kaminsky DNS vulnerability?; Cisco, Juniper, Alcatel etc.. getting enhanced
  • 5. Background
      • In Asia (incl. Japan), the speed of RPKI deployment seems MUCH slower than in the RIPE region.
      • Fig. Number of ROAs: RIPE, APNIC (http://certification-stats.ripe.net/)
      • We want to accelerate the deployment of RPKI in Japan!
  • 6. RPKI hands-on in Jul. 2014
      • RPKI Hands-on seminar with JPNIC
      • Made a survey of RPKI trend
  • 9. Seminar participants’ voice
      • “I can understand how important RPKI is.”
      • “But, it is difficult to make my bosses and/or managers understand the cost of introducing it.”
      • “I felt it is a bit difficult for small ISPs/networks to manage ROA cache server, both technically and operationally. We want a public one.”
  • 10. JPNAP/JPNIC launched RPKI ROA Public cache
      • Diagram labels: Internet Multifeed (JPNAP), JPNIC, RPKI ROA cache (two), RPKI ROA Service Segment, AS, BGP Router, ROA cache server
      • ROA Information: Prefix-Maxlen: 192.0.2.0/24-24, OriginAS: 64500
      • Using rpki-rtr Protocol you can receive RPKI ROA cache Information from those Servers.
  • 11. IMF RPKI Project Page
      • http://www.jpnap.net/rpki/
  • 15. Issues
      • We cannot provide RPKI information from ARIN
          • The ARIN RPA (Relying Party Agreement) currently prohibits providing their data to a third party.
      • TLS encryption of RPKI-RTR (tcp:323) is not supported well for now
          • When using a public cache, it is important to encrypt the transferred data.
          • Currently, Cisco, Juniper and Alcatel don't support the rpki-rtr-tls protocol
      • Strange behavior on JUNOS devices
          • When you enable validation on JUNOS routers, the router unexpectedly starts listening on tcp:2222.
          • It’s intended for router internal use only(?)
          • Be sure to filter out access to the above port from the Internet. Otherwise your router will suffer from scans/attacks targeting ssh port 2222, and may crash in the worst case. Horrible.
  • 16. Issues
      • Strange behavior on Cisco CSRs
          • “show ip bgp/show ip bgp ipv6 unicast” shows that all routes are VALID (which should be NOT FOUND) when
              1. your router has one or more BGP routes, and
              2. you first enable RPKI, and
              3. no ROA record has been received from the ROA cache server.
          • Once ANY ROA is received, all validation states are correctly shown as expected.
          • Cf. JUNOS shows those routes as “Unverified”
          • Weird. May be a bug?
          • Observed on Cisco CSR/IOS-XE version 03.12.00.S
          • Workarounds:
              • Router reload
              • BGP reset
              • Shutdown BGP before configuring RPKI
  • 17. Step by Step RPKI deployment on JPNAP
      • STEP1
          • 1-1. Main: ISP’s ROA cache. Secondary: JPNAP ROA cache for backup
          • 1-2. At initial stage, ISPs use the JPNAP ROA cache (for people who think it’s difficult to operate by themselves)
      • STEP2
          • 2-1. How to see our routes at RPKI router?
          • 2-2. How to see our routes at Juniper RPKI validated router?
      • STEP3
          • 3. RPKI validation at JPNAP route-server
      • Diagram labels: Internet, ISP, JPNAP, RFEED route-server, ARIN, RIPE, APNIC, LACNIC, AFRINIC, AS7521, RPKI testbed segment, Juniper, Cisco, ROA cache server
  • 18. RPKI deployment factors
      • Factors (diagram): RPKI service; Operational practice; Routers implementation; variety of tools; Motivation / impact
      • Annotations (diagram): RPKI hackathon/hands-on; RPKI Tools and web-based tools; 5 RIRs have. JPNIC’s pilot, service is coming soon; Similar to Kaminsky DNS vulnerability?; Cisco, Juniper, Alcatel etc.. getting enhanced
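
The ROA on slide 10 (192.0.2.0/24-24, origin AS 64500) and the validation states discussed on slide 16, as an added example that is not part of the original slides: a minimal RFC 6811 route origin validation in Python, showing that an empty ROA set must yield not-found rather than valid. The names `VRP`, `parse_vrp` and `validate`, and the test routes, are assumptions made for illustration.

```python
import ipaddress
from typing import Iterable, NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class VRP(NamedTuple):
    """One validated ROA payload, as a router receives it from a ROA cache."""
    prefix: Network
    max_len: int
    origin_as: int

def parse_vrp(text: str, origin_as: int) -> VRP:
    """Parse the slide's 'Prefix-Maxlen' notation, e.g. '192.0.2.0/24-24'."""
    prefix, max_len = text.rsplit("-", 1)
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= int(max_len) <= net.max_prefixlen:
        raise ValueError(f"max length {max_len} out of range for {net}")
    return VRP(net, int(max_len), origin_as)

def validate(route: str, origin_as: int, vrps: Iterable[VRP]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one BGP route (RFC 6811)."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        # A VRP covers the route when the route's prefix lies inside the VRP prefix.
        if net.version != vrp.prefix.version or not net.subnet_of(vrp.prefix):
            continue
        covered = True
        # It matches when the length is within max_len and the origin AS agrees.
        if net.prefixlen <= vrp.max_len and origin_as == vrp.origin_as:
            return "valid"
    # Covered but never matched is invalid; no covering VRP at all is not-found.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    roa = parse_vrp("192.0.2.0/24-24", 64500)       # ROA from slide 10
    cases = [                                        # constructed test routes
        ("192.0.2.0/24", 64500, []),                 # no ROA received yet
        ("192.0.2.0/24", 64500, [roa]),
        ("192.0.2.0/25", 64500, [roa]),              # longer than max length
        ("192.0.2.0/24", 64501, [roa]),              # wrong origin AS
        ("198.51.100.0/24", 64501, [roa]),           # no covering ROA
    ]
    for route, asn, vrps in cases:
        print(f"{route:<18} AS{asn} ROAs={len(vrps)} -> {validate(route, asn, vrps)}")
```

Comparing a router's displayed state against this expected result, before any ROA has arrived and again after, is one way to spot the condition described on slide 16.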