SlideShare a Scribd company logo

KHNOG 5: RPKI Status Update

APNIC
APNIC

APNIC Technical Trainer Makito Lay presents an update on the status of RPKI in Cambodia and in South East Asia at KHNOG 5, held in Phnom Penh, Cambodia on 22 October 2023.

Internet
1 of 25
Download to read offline
v1.2 1 RPKI Status Updates Presented by: Makito Lay Phnom Penh, Cambodia | 22 October 2023 KHNOG 5 Conference
v1.2 2 Agenda • Internet Routing and BGP Hijack • What is RPKI? • ROA Coverage in Asia / South-Eastern Asia / Cambodia • Common Issues after ROA Creation • ROV Adoption in Cambodia • Recommendations
v1.2 3 Internet Routing Source: Screenshot taken from “3.5.3.4 Packet Tracer - Configure and Verify eBGP.pka” example from Connecting Networks Cisco Networking Academy course
v1.2 4 Internet Routing
v1.2 5 Internet Routing
v1.2 6 BGP Hijack • Announcing a more specific path. • Announcing an address space that is owned by someone else. Source: Williams, R. (2015). street signs being stolen [Image]. https://media.apnarm.net.au/media/images/2015/02/06/IQT_06-02- 2015_NEWS_05_STOLENSIGNS1_t1880.jpg
v1.2 7 What is RPKI? • Resource Public Key Infrastructure. • For mitigating BGP route leaks and hijacks. • ROA and ROV are done cryptographically. – Resource holders use private key to sign authorisations – Other networks use public key to validate the signatures Route Origin Validation (ROV) Other networks check whether the received prefixes are originated by the permitted AS Route Origin Authorisation (ROA) Resource holders permit specific AS to originate their prefixes
v1.2 8 Route Origin Authorisation (ROA) • To be done by resource holder: – Creating ROA for prefixes belong to own address space • Prefix • Origin AS • Max. Length – Also known as “Most Specific Announcement (MSA)” – APNIC members can create ROA in MyAPNIC portal • APNIC Help Centre: ROA objects – https://help.apnic.net/s/article/roa-objects • Route Management – Guide to manage your routes and (RPKI) ROA – https://www.apnic.net/wp-content/uploads/2017/01/route-roa-management-guide.pdf • How to Create ROAs in MyAPNIC – https://www.youtube.com/watch?v=NLG2siznuu4
v1.2 9 ROA Coverage in Asia Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
v1.2 10 ROA Coverage in Asia Code Region IPv4 Valid IPv4 Invalid IPv4 Unknown IPv4 Total BT Bhutan, Southern Asia 36,864 98.60% 0 0.00% 512 1.40% 37,376 NP Nepal, Southern Asia 568,064 98.50% 0 0.00% 8,448 1.50% 576,512 LB Lebanon, Western Asia 522,496 96.80% 256 0.00% 17,152 3.20% 539,904 IQ Iraq, Western Asia 700,160 95.60% 2,816 0.40% 29,440 4.00% 732,416 BD Bangladesh, Southern Asia 1,690,553 95.50% 11,596 0.70% 67,840 3.80% 1,769,989 … KP Democratic People's Republic of Korea, Eastern Asia 512 28.60% 0 0.00% 1,280 71.40% 1,792 KZ Kazakhstan, Central Asia 400,639 12.40% 1 0.00% 2,823,936 87.60% 3,224,576 TJ Tajikistan, Central Asia 10,240 12.40% 256 0.30% 72,192 87.30% 82,688 CN China, Eastern Asia 6,642,723 2.20% 441,821 0.10% 293,069,122 97.60% 300,153,666 KR Republic of Korea, Eastern Asia 1,869,346 1.70% 1,246 0.00% 106,616,870 98.30% 108,487,462 XD Asia 317,547,608 38.40% 3,244,556 0.40% 507,154,555 61.30% 827,946,719 Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
v1.2 11 ROA Coverage in South-Eastern Asia Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
v1.2 12 ROA Coverage in South-Eastern Asia Code Region IPv4 Valid IPv4 Invalid IPv4 Unknown IPv4 Total LA Lao People's Democratic Republic 76,032 93.40% 512 0.60% 4,864 6.00% 81,408 PH Philippines 5,746,856 93.40% 37,204 0.60% 369,668 6.00% 6,153,728 KH Cambodia 393,211 90.70% 2,565 0.60% 37,632 8.70% 433,408 VN Vietnam 14,055,297 87.70% 86,143 0.50% 1,879,040 11.70% 16,020,480 MM Myanmar 175,872 87.60% 3,072 1.50% 21,760 10.80% 200,704 SG Singapore 9,214,823 76.10% 124,856 1.00% 2,761,407 22.80% 12,101,086 MY Malaysia 4,200,082 67.40% 20,339 0.30% 2,011,393 32.30% 6,231,814 TH Thailand 5,679,029 63.10% 95,307 1.10% 3,232,512 35.90% 9,006,848 TL Timor-Leste 9,216 53.70% 256 1.50% 7,680 44.80% 17,152 ID Indonesia 7,509,802 41.50% 95,702 0.50% 10,487,552 58.00% 18,093,056 BN Brunei Darussalam 57,088 38.90% 0 0.00% 89,856 61.10% 146,944 XU South-Eastern Asia 47,117,308 68.80% 465,956 0.70% 20,903,364 30.50% 68,486,628 Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
v1.2 13 ROA Coverage in Cambodia Source: https://stats.labs.apnic.net/roa/KH (11 Oct 2023) Currently (Oct 2023) 90.70% of Cambodia’s IPv4 addresses have VALID ROA. Was 55.92% at the beginning of May 2022.
v1.2 14 Online RPKI Sessions & Technical Assistance • APNIC delivered monthly online RPKI sessions to targeted networks from June 2022 to January 2023. • One-to-one technical assistance provided by APNIC’s Retained Community Trainer in Khmer.
v1.2 15 Face-to-face RPKI Session • In November 2022, ROA coverage significantly improved following APNIC’s face-to-face RPKI session in Phnom Penh. • Thanks to local community for your cooperation and support!
v1.2 16 Common Issues after ROA Creation • Invalid Origin AS – Multiple origin ASes in Anycast scenario • Solution: Create ROA for each and every origin AS – Prefixes are originated by a different AS • Solution: Create ROA with the actual origin AS • Invalid Prefix Length – Announcing /24s, but ROA covers only up to /23 • Solution: Set Max. Length of the ROA to “/24”
v1.2 17 What’s Next after Having ROA? • ROA is an authorisation that permits a specific AS to originate a specific prefix. • ROAs are created for other networks to perform ROV. • The authorisation is meaningless if no one validates it. • All networks should eventually implement ROV.
v1.2 18 Route Origin Validation (ROV) • Should be done by all networks on the Internet: – Setting up RPKI Validators – Configuring Border Routers to validate received prefixes • VALID – ROA exists, both prefix length and origin AS match with the record • INVALID – ROA exists, but prefix length or/and origin AS mismatch with the record • UNKNOWN / NOT FOUND – ROA does not exist – Implementing routing policies based on validation state • Prefer VALID over UNKNOWN over INVALID; or • Drop INVALID
v1.2 19 ROV Adoption in Cambodia ASN AS Name RPKI Validates Samples 55636 TPLC-KH TPLC Holding Ltd. 98.88% 179 17726 CAMNET-AS Telecom Cambodia 1.65% 121 138606 SUGAPTELTD-AS-AP Suga Pte. Ltd 0.78% 129 9902 NEOCOMISP-KH-AP NEOCOMISP LIMITED, IPTX Transit and Network Service Provider in Cambodia. 0.75% 536 131207 SINET-KH SINET, Cambodias specialist Internet and Telecom Service Provider. 0.71% 1,545 45498 SMART-AXIATA-KH SMART AXIATA Co., Ltd. 0.68% 19,127 17976 CAMGSM-CELLCARD-AS-AP CAMGSM Company Ltd 0.59% 6,480 58424 XINWEITELECOM-KH # 3BEo, Sangkat Beoun Prolit, Khan 7Makara, Phnom Penh. 0.55% 182 38235 MEKONGNET-ADC-AS-AP ANGKOR DATA COMMUNICATION 0.40% 2,725 38209 CAMINTEL-AS CAMINTEL, National Telecommunication Provider, Phnom Penh, Cambodia 0.39% 259 38901 EZECOM-AS-AP EZECOM limited 0.20% 1,961 131178 EZECOM-AS-AP EZECOM limited 0.20% 4,055 23673 ONLINE-AS Cogetel Online, Cambodia, ISP 0.17% 1,171 38623 VIETTELCAMBODIA-AS-AP ISPIXP IN CAMBODIA WITH THE BEST VERVICE IN THERE. 0.17% 35,404 24492 IIT-WICAM-AS-AP WiCAM Corporation Ltd. 0.10% 1,002 … Source: https://stats.labs.apnic.net/rpki/KH (11 Oct 2023)
v1.2 20 ROV Adoption in Cambodia • Cambodia Network eXchange (CNX) is dropping INVALID prefixes and hosting public RPKI Validators. Source: https://lg.sabay.com/routeservers/rs01/protocols/AS55329_1/routes (11 Oct 2023)
v1.2 21 Major Networks Dropping INVALID ASN Name Source 1221 Telstra https://lists.ausnog.net/pipermail/ausnog/2020-July/044367.html 4637 https://www.zdnet.com/article/telstra-to-roll-out-rpki-routing-security-from-june-2020/ 1239 Sprint / T-Mobile https://www.sprint.net/policies/bgp-aggregation-and-filtering 1299 Telia https://www.teliacarrier.com/Our-Network/BGP-Routing/Routing-Security.html 2497 IIJ https://www.iij.ad.jp/en/dev/iir/pdf/iir 2914 NTT https://www.gin.ntt.net/support/policy/rr.cfm#RPKI 3356 Level3 https://twitter.com/lumentechco/status/1374035675742412800 4826 Vocus https://blog.apnic.net/2021/05/13/vocus-rpki-implementation/ 6939 Hurricane Electric https://mailman.nanog.org/pipermail/nanog/2020-June/108277.html 7018 AT&T https://mailman.nanog.org/pipermail/nanog/2019-February/099501.html 7922 Comcast https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network 9002 RETN https://twitter.com/RETNnet/status/1333735456408793089 16509 Amazon https://aws.amazon.com/blogs/networking-and-content-delivery/how-aws-is-helping-to-secure-internet-routing/ 37100 Seacom https://www.ripe.net/participate/mail/forum/routing- wg/PDZlMzAzMzhhLWVhOTAtNzIxOC1lMzI0LTBjZjMyOGI1Y2NkM0BzZWFjb20ubXU+ … Source: https://taejoong.github.io/pubs/publications/li-2023-rov.pdf (11 Oct 2023)
v1.2 22 Recommendations • Create ROAs for all your prefixes. – Origin AS and Max. Length must match actual BGP announcements • Ensure ROAs are up-to-date upon sub-assignments – Multiple ROAs with different Origin ASes for Anycast prefixes – For networks using leased IPv4 address space, request your lease provider to create relevant ROAs • Regardless whether the address space is in APNIC region • Advise your customers and peers to sign their prefixes. – Unlike Internet Routing Registry (IRR), ROA cannot be proxy-registered • Monitor whether your network is announcing INVALID.
v1.2 23 Recommendations • Implement ROV in your network. – Employ at least two RPKI Validators for redundancy purpose • Ensure consistency across all RPKI Validators – Establish and secure RPKI-to-Router (RTR) sessions – Update routing policies to support ROV • Set LOCAL_PREF based on validation state, or drop INVALID (preferred) • Use BGP Communities to propagate validation state (optional) – For Internet Transit, receive full routing table and drop default route
v1.2 24 Need Help? ROV Implementation & Technical Discussions APNIC Technical Assistance Platform https://academy.apnic.net/technical-assistance ROA Creation & General Enquiries APNIC Help Centre https://help.apnic.net/s Training Resources APNIC Academy https://academy.apnic.net Online Courses: q RPKI Deployment q RPKI Deployment Status: 2022 in Review q Historical Resource Management and the Benefits of RPKI q Hosted vs. Delegated RPKI q Demystifying AS0 q How to set up Router/OS 7 and ROV Virtual Labs: q RPKI Lab with Routinator q RPKI Lab with FORT q RPKI Lab with RPKI-Prover q RPKI Lab (Sandbox)
v1.2 25 Questions & Answers RPKI Status Updates

Recommended

HKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK NetworksHKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK NetworksAPNIC
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesAPNIC
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
 
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
 
Resume
ResumeResume
ResumeOm Prakash
 
Communicasia2017: IPv6 measurements
Communicasia2017: IPv6 measurementsCommunicasia2017: IPv6 measurements
Communicasia2017: IPv6 measurementsAPNIC
 
IETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK RollIETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK RollAPNIC
 
IPv6 Implementation and Migration
IPv6 Implementation and MigrationIPv6 Implementation and Migration
IPv6 Implementation and MigrationNetwork Utility Force
 

Recommended

HKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK NetworksHKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK NetworksAPNIC
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesAPNIC
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
 
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
 
Resume
ResumeResume
ResumeOm Prakash
 
Communicasia2017: IPv6 measurements
Communicasia2017: IPv6 measurementsCommunicasia2017: IPv6 measurements
Communicasia2017: IPv6 measurementsAPNIC
 
IETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK RollIETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK RollAPNIC
 
IPv6 Implementation and Migration
IPv6 Implementation and MigrationIPv6 Implementation and Migration
IPv6 Implementation and MigrationNetwork Utility Force
 
An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 UpdateAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
Securing the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of OperatorsSecuring the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of OperatorsAPNIC
 
Routing Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaRouting Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaBangladesh Network Operators Group
 
mnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in MongoliamnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in MongoliaAPNIC
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshBangladesh Network Operators Group
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring SystemRofiq Fauzi
 
UPDATED_CV_
UPDATED_CV_UPDATED_CV_
UPDATED_CV_Uzair Ahmad
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022Bangladesh Network Operators Group
 
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15APNIC
 
IP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationIP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationBangladesh Network Operators Group
 
Advanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdfAdvanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdfGusangoBesweri
 
A review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG EditionA review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG EditionAPNIC
 
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9 A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9 APNIC
 
VNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and TrendsVNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and TrendsAPNIC
 
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]APNIC
 
A review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG EditionA review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG EditionAPNIC
 
RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?APNIC
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
 
IPv6 status among ASEAN Member States
IPv6 status among ASEAN Member StatesIPv6 status among ASEAN Member States
IPv6 status among ASEAN Member StatesAPNIC
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 

More Related Content

Similar to KHNOG 5: RPKI Status Update

An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 UpdateAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
Securing the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of OperatorsSecuring the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of OperatorsAPNIC
 
mnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in MongoliamnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in MongoliaAPNIC
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring SystemRofiq Fauzi
 
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15APNIC
 
Advanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdfAdvanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdfGusangoBesweri
 
A review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG EditionA review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG EditionAPNIC
 
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9 A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9 APNIC
 
VNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and TrendsVNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and TrendsAPNIC
 
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]APNIC
 
A review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG EditionA review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG EditionAPNIC
 
RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?APNIC
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
 
IPv6 status among ASEAN Member States
IPv6 status among ASEAN Member StatesIPv6 status among ASEAN Member States
IPv6 status among ASEAN Member StatesAPNIC
 

Similar to KHNOG 5: RPKI Status Update (20)

An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 Update
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
Securing the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of OperatorsSecuring the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of Operators
 
Routing Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaRouting Security - its importance and status in South Asia
Routing Security - its importance and status in South Asia
 
mnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in MongoliamnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in Mongolia
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
UPDATED_CV_
UPDATED_CV_UPDATED_CV_
UPDATED_CV_
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
IPv6 Deployment in South East Asia, presentation by Chimi Dorji for bdNOG 15
 
IP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationIP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple Calculation
 
Advanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdfAdvanced_Cellular_Network_Planning_and_Optimization.pdf
Advanced_Cellular_Network_Planning_and_Optimization.pdf
 
A review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG EditionA review of current worldwide IPv6 deployment - HKNOG Edition
A review of current worldwide IPv6 deployment - HKNOG Edition
 
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9 A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
A Bhutanese story of ROAs, ROVs and IPs presentation for btNOG 9
 
VNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and TrendsVNNIC OPM 2017: IPV6 Measurements and Trends
VNNIC OPM 2017: IPV6 Measurements and Trends
 
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
Who's Watching, by Geoff Huston [APNIC 38 / Technical Keynote]
 
A review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG EditionA review of current worldwide IPv6 deployment - SANOG Edition
A review of current worldwide IPv6 deployment - SANOG Edition
 
RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?RIPE 76: Is IPv6 on for the rich?
RIPE 76: Is IPv6 on for the rich?
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet Routing
 
IPv6 status among ASEAN Member States
IPv6 status among ASEAN Member StatesIPv6 status among ASEAN Member States
IPv6 status among ASEAN Member States
 

More from APNIC

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 

More from APNIC (20)

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 

Recently uploaded

定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 

Recently uploaded (20)

定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 

KHNOG 5: RPKI Status Update

  • 1. v1.2 1 RPKI Status Updates Presented by: Makito Lay Phnom Penh, Cambodia | 22 October 2023 KHNOG 5 Conference
  • 2. v1.2 2 Agenda • Internet Routing and BGP Hijack • What is RPKI? • ROA Coverage in Asia / South-Eastern Asia / Cambodia • Common Issues after ROA Creation • ROV Adoption in Cambodia • Recommendations
  • 3. v1.2 3 Internet Routing Source: Screenshot taken from “3.5.3.4 Packet Tracer - Configure and Verify eBGP.pka” example from Connecting Networks Cisco Networking Academy course
  • 6. v1.2 6 BGP Hijack • Announcing a more specific path. • Announcing an address space that is owned by someone else. Source: Williams, R. (2015). street signs being stolen [Image]. https://media.apnarm.net.au/media/images/2015/02/06/IQT_06-02- 2015_NEWS_05_STOLENSIGNS1_t1880.jpg
  • 7. v1.2 7 What is RPKI? • Resource Public Key Infrastructure. • For mitigating BGP route leaks and hijacks. • ROA and ROV are done cryptographically. – Resource holders use private key to sign authorisations – Other networks use public key to validate the signatures Route Origin Validation (ROV) Other networks check whether the received prefixes are originated by the permitted AS Route Origin Authorisation (ROA) Resource holders permit specific AS to originate their prefixes
  • 8. v1.2 8 Route Origin Authorisation (ROA) • To be done by resource holder: – Creating ROA for prefixes belong to own address space • Prefix • Origin AS • Max. Length – Also known as “Most Specific Announcement (MSA)” – APNIC members can create ROA in MyAPNIC portal • APNIC Help Centre: ROA objects – https://help.apnic.net/s/article/roa-objects • Route Management – Guide to manage your routes and (RPKI) ROA – https://www.apnic.net/wp-content/uploads/2017/01/route-roa-management-guide.pdf • How to Create ROAs in MyAPNIC – https://www.youtube.com/watch?v=NLG2siznuu4
  • 9. v1.2 9 ROA Coverage in Asia Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
  • 10. v1.2 10 ROA Coverage in Asia Code Region IPv4 Valid IPv4 Invalid IPv4 Unknown IPv4 Total BT Bhutan, Southern Asia 36,864 98.60% 0 0.00% 512 1.40% 37,376 NP Nepal, Southern Asia 568,064 98.50% 0 0.00% 8,448 1.50% 576,512 LB Lebanon, Western Asia 522,496 96.80% 256 0.00% 17,152 3.20% 539,904 IQ Iraq, Western Asia 700,160 95.60% 2,816 0.40% 29,440 4.00% 732,416 BD Bangladesh, Southern Asia 1,690,553 95.50% 11,596 0.70% 67,840 3.80% 1,769,989 … KP Democratic People's Republic of Korea, Eastern Asia 512 28.60% 0 0.00% 1,280 71.40% 1,792 KZ Kazakhstan, Central Asia 400,639 12.40% 1 0.00% 2,823,936 87.60% 3,224,576 TJ Tajikistan, Central Asia 10,240 12.40% 256 0.30% 72,192 87.30% 82,688 CN China, Eastern Asia 6,642,723 2.20% 441,821 0.10% 293,069,122 97.60% 300,153,666 KR Republic of Korea, Eastern Asia 1,869,346 1.70% 1,246 0.00% 106,616,870 98.30% 108,487,462 XD Asia 317,547,608 38.40% 3,244,556 0.40% 507,154,555 61.30% 827,946,719 Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
  • 11. v1.2 11 ROA Coverage in South-Eastern Asia Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
  • 12. v1.2 12 ROA Coverage in South-Eastern Asia Code Region IPv4 Valid IPv4 Invalid IPv4 Unknown IPv4 Total LA Lao People's Democratic Republic 76,032 93.40% 512 0.60% 4,864 6.00% 81,408 PH Philippines 5,746,856 93.40% 37,204 0.60% 369,668 6.00% 6,153,728 KH Cambodia 393,211 90.70% 2,565 0.60% 37,632 8.70% 433,408 VN Vietnam 14,055,297 87.70% 86,143 0.50% 1,879,040 11.70% 16,020,480 MM Myanmar 175,872 87.60% 3,072 1.50% 21,760 10.80% 200,704 SG Singapore 9,214,823 76.10% 124,856 1.00% 2,761,407 22.80% 12,101,086 MY Malaysia 4,200,082 67.40% 20,339 0.30% 2,011,393 32.30% 6,231,814 TH Thailand 5,679,029 63.10% 95,307 1.10% 3,232,512 35.90% 9,006,848 TL Timor-Leste 9,216 53.70% 256 1.50% 7,680 44.80% 17,152 ID Indonesia 7,509,802 41.50% 95,702 0.50% 10,487,552 58.00% 18,093,056 BN Brunei Darussalam 57,088 38.90% 0 0.00% 89,856 61.10% 146,944 XU South-Eastern Asia 47,117,308 68.80% 465,956 0.70% 20,903,364 30.50% 68,486,628 Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
  • 13. v1.2 13 ROA Coverage in Cambodia Source: https://stats.labs.apnic.net/roa/KH (11 Oct 2023) Currently (Oct 2023) 90.70% of Cambodia’s IPv4 addresses have VALID ROA. Was 55.92% at the beginning of May 2022.
  • 14. v1.2 14 Online RPKI Sessions & Technical Assistance • APNIC delivered monthly online RPKI sessions to targeted networks from June 2022 to January 2023. • One-to-one technical assistance provided by APNIC’s Retained Community Trainer in Khmer.
  • 15. v1.2 15 Face-to-face RPKI Session • In November 2022, ROA coverage significantly improved following APNIC’s face-to-face RPKI session in Phnom Penh. • Thanks to local community for your cooperation and support!
  • 16. v1.2 16 Common Issues after ROA Creation • Invalid Origin AS – Multiple origin ASes in Anycast scenario • Solution: Create ROA for each and every origin AS – Prefixes are originated by a different AS • Solution: Create ROA with the actual origin AS • Invalid Prefix Length – Announcing /24s, but ROA covers only up to /23 • Solution: Set Max. Length of the ROA to “/24”
  • 17. v1.2 17 What’s Next after Having ROA? • ROA is an authorisation that permits a specific AS to originate a specific prefix. • ROAs are created for other networks to perform ROV. • The authorisation is meaningless if no one validates it. • All networks should eventually implement ROV.
  • 18. v1.2 18 Route Origin Validation (ROV) • Should be done by all networks on the Internet: – Setting up RPKI Validators – Configuring Border Routers to validate received prefixes • VALID – ROA exists, both prefix length and origin AS match with the record • INVALID – ROA exists, but prefix length or/and origin AS mismatch with the record • UNKNOWN / NOT FOUND – ROA does not exist – Implementing routing policies based on validation state • Prefer VALID over UNKNOWN over INVALID; or • Drop INVALID
  • 19. v1.2 19 ROV Adoption in Cambodia ASN AS Name RPKI Validates Samples 55636 TPLC-KH TPLC Holding Ltd. 98.88% 179 17726 CAMNET-AS Telecom Cambodia 1.65% 121 138606 SUGAPTELTD-AS-AP Suga Pte. Ltd 0.78% 129 9902 NEOCOMISP-KH-AP NEOCOMISP LIMITED, IPTX Transit and Network Service Provider in Cambodia. 0.75% 536 131207 SINET-KH SINET, Cambodias specialist Internet and Telecom Service Provider. 0.71% 1,545 45498 SMART-AXIATA-KH SMART AXIATA Co., Ltd. 0.68% 19,127 17976 CAMGSM-CELLCARD-AS-AP CAMGSM Company Ltd 0.59% 6,480 58424 XINWEITELECOM-KH # 3BEo, Sangkat Beoun Prolit, Khan 7Makara, Phnom Penh. 0.55% 182 38235 MEKONGNET-ADC-AS-AP ANGKOR DATA COMMUNICATION 0.40% 2,725 38209 CAMINTEL-AS CAMINTEL, National Telecommunication Provider, Phnom Penh, Cambodia 0.39% 259 38901 EZECOM-AS-AP EZECOM limited 0.20% 1,961 131178 EZECOM-AS-AP EZECOM limited 0.20% 4,055 23673 ONLINE-AS Cogetel Online, Cambodia, ISP 0.17% 1,171 38623 VIETTELCAMBODIA-AS-AP ISPIXP IN CAMBODIA WITH THE BEST VERVICE IN THERE. 0.17% 35,404 24492 IIT-WICAM-AS-AP WiCAM Corporation Ltd. 0.10% 1,002 … Source: https://stats.labs.apnic.net/rpki/KH (11 Oct 2023)
  • 20. v1.2 20 ROV Adoption in Cambodia • Cambodia Network eXchange (CNX) is dropping INVALID prefixes and hosting public RPKI Validators. Source: https://lg.sabay.com/routeservers/rs01/protocols/AS55329_1/routes (11 Oct 2023)
  • 21. v1.2 21 Major Networks Dropping INVALID ASN Name Source 1221 Telstra https://lists.ausnog.net/pipermail/ausnog/2020-July/044367.html 4637 https://www.zdnet.com/article/telstra-to-roll-out-rpki-routing-security-from-june-2020/ 1239 Sprint / T-Mobile https://www.sprint.net/policies/bgp-aggregation-and-filtering 1299 Telia https://www.teliacarrier.com/Our-Network/BGP-Routing/Routing-Security.html 2497 IIJ https://www.iij.ad.jp/en/dev/iir/pdf/iir 2914 NTT https://www.gin.ntt.net/support/policy/rr.cfm#RPKI 3356 Level3 https://twitter.com/lumentechco/status/1374035675742412800 4826 Vocus https://blog.apnic.net/2021/05/13/vocus-rpki-implementation/ 6939 Hurricane Electric https://mailman.nanog.org/pipermail/nanog/2020-June/108277.html 7018 AT&T https://mailman.nanog.org/pipermail/nanog/2019-February/099501.html 7922 Comcast https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network 9002 RETN https://twitter.com/RETNnet/status/1333735456408793089 16509 Amazon https://aws.amazon.com/blogs/networking-and-content-delivery/how-aws-is-helping-to-secure-internet-routing/ 37100 Seacom https://www.ripe.net/participate/mail/forum/routing- wg/PDZlMzAzMzhhLWVhOTAtNzIxOC1lMzI0LTBjZjMyOGI1Y2NkM0BzZWFjb20ubXU+ … Source: https://taejoong.github.io/pubs/publications/li-2023-rov.pdf (11 Oct 2023)
  • 22. v1.2 22 Recommendations • Create ROAs for all your prefixes. – Origin AS and Max. Length must match actual BGP announcements • Ensure ROAs are up-to-date upon sub-assignments – Multiple ROAs with different Origin ASes for Anycast prefixes – For networks using leased IPv4 address space, request your lease provider to create relevant ROAs • Regardless whether the address space is in APNIC region • Advise your customers and peers to sign their prefixes. – Unlike Internet Routing Registry (IRR), ROA cannot be proxy-registered • Monitor whether your network is announcing INVALID.
  • 23. v1.2 23 Recommendations • Implement ROV in your network. – Employ at least two RPKI Validators for redundancy purpose • Ensure consistency across all RPKI Validators – Establish and secure RPKI-to-Router (RTR) sessions – Update routing policies to support ROV • Set LOCAL_PREF based on validation state, or drop INVALID (preferred) • Use BGP Communities to propagate validation state (optional) – For Internet Transit, receive full routing table and drop default route
  • 24. v1.2 24 Need Help? ROV Implementation & Technical Discussions APNIC Technical Assistance Platform https://academy.apnic.net/technical-assistance ROA Creation & General Enquiries APNIC Help Centre https://help.apnic.net/s Training Resources APNIC Academy https://academy.apnic.net Online Courses: q RPKI Deployment q RPKI Deployment Status: 2022 in Review q Historical Resource Management and the Benefits of RPKI q Hosted vs. Delegated RPKI q Demystifying AS0 q How to set up Router/OS 7 and ROV Virtual Labs: q RPKI Lab with Routinator q RPKI Lab with FORT q RPKI Lab with RPKI-Prover q RPKI Lab (Sandbox)