SlideShare a Scribd company logo

RPKI in South Asia: An SEO-Optimized Title

APNIC
APNIC

This document discusses Resource Public Key Infrastructure (RPKI) adoption in South Asia. It finds that while some ROAs have been signed, validation is not widespread and there are still many issues. In particular, it notes that a large number of ROAs are "catch alls" and many signed prefixes are not actually routed. It encourages operators to attend RPKI workshops, implement validation, and follow best practices to improve security and reduce the risk of route hijacking in the region.

Internet
1 of 16
Download to read offline
1 RPKI in South Asia Resource Public Key Infrastructure HOW ARE WE DOING? 16 October 2023 Colombo, Sri Lanka 40
2 RPKI Uptake? Stats.Labs.APNIC.Net • RPKI RoV Drop-Invalid • RPKI ROA Publication Are your routes signed and have you started to drop invalid routes?
3 3 ROAs Signed HOW GOOD IS THIS?
4 Some Issues … TOTAL ROA Prefixes | ROA Not Routed | Routed --------------------+----------------+-------- 184392 | 158391 | 26001 Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Highly Susceptible to Route Origin Spoofing (ASPATH + PREFIX) Hijacks
5 ROA, Lots Of “Catch Alls” Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Economy | Unique Prefixes | Single Subnet | Many Subnets Per ROA --------------------------------+-----------------+---------------+---------------------- INDIA | 19817 | 17269 | 3499 BANGLADESH | 3905 | 3463 | 630 PAKISTAN | 3455 | 3525 | 529 NEPAL | 1158 | 1077 | 112 AFGHANISTAN | 241 | 239 | 21 MALDIVES | 129 | 25 | 105 BHUTAN | 44 | 33 | 14 BRITISH INDIAN OCEAN TERRITORY | 9 | 9 | 0
6 6 British Who? rpki=# select * from south_asia_roas where country = 'BRITISH INDIAN OCEAN TERRITORY’; asn | prefix | msa | tal | country ---------+----------------+-----+-------+-------------------------------- AS17458 | 203.83.48.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.48.0/21 | 21 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.49.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.50.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.51.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.52.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.53.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.54.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.55.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY (9 rows) Ref: https://en.wikipedia.org/wiki/Diego_Garcia
7 7 British Who? rpki=# select * from south_asia_routes where country = 'BRITISH INDIAN OCEAN TERRITORY'; prefix | country ----------------+-------------------------------- 203.83.48.0/21 | BRITISH INDIAN OCEAN TERRITORY 203.83.48.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.49.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.50.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.51.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.52.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.53.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.54.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.55.0/24 | BRITISH INDIAN OCEAN TERRITORY (9 rows) Ref: https://en.wikipedia.org/wiki/Diego_Garcia
8 “forged-origin” “attack surface” Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Economy | ROAs | Expanded ROAs | Unique Routes -------------+------+---------------+--------------- INDIA | 3332 | 91524 | 15990 BANGLADESH | 588 | 6438 | 3396 PAKISTAN | 404 | 34932 | 2992 MALDIVES | 105 | 442 | 230 NEPAL | 98 | 1850 | 702 AFGHANISTAN | 21 | 186 | 72 BHUTAN | 13 | 112 | 30
9 More rpki=# select * from south_asia_expanded_roas a left join south_asia_routes b on a.prefix=b.prefix or a.split_cidr=b.prefix where a.msa = 14; asn | prefix | msa | tal | country | split_cidr | prefix | country ---------+--------------+-----+-------+---------+--------------+--------------+--------- AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.32.0.0/13 | 49.32.0.0/13 | INDIA AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.40.0.0/14 | 49.40.0.0/14 | INDIA AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.44.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.32.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.36.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.40.0.0/13 | | (6 rows) rpki=# select * from south_asia_routes where prefix = '49.32.0.0/12'::cidr; prefix | country --------+--------- (0 rows) rpki=# select asn,count(*) from south_asia_roas where prefix << '49.32.0.0/12'::cidr group by asn; asn | count ---------+------- AS55836 | 334 AS64049 | 2 (2 rows) https://datatracker.ietf.org/doc/rfc9319/ rpki=# select count(*) from south_asia_routes where prefix << '49.32.0.0/12'::cidr; count ------- 153 (1 row)
10 10 Validation … Are we there yet? NOT EVEN CLOSE
11 South Asia ROV WHAT HAPPENED?
12 ROV Measurements Are Hard https://labs.apnic.net/index.php/2021/03/23/measuring-roas-and-rov/
13 13 Call To Action https://datatracker.ietf.org/doc/rfc9319/ Hint: when an RFC says “should” in capitals … YOU DO IT!
14 So, where to from here? Origins Pathways ASN to ASN RPKI ASPA BGPSEC https://www.rfc-editor.org/rfc/rfc8205.html https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/ https://www.rfc-editor.org/rfc/rfc8210
15 Your TODO List is: • Attend an APNIC workshop on RPKI. • Decide on your ROA deployment: there’s more than one way to sign routes. • Plan for and set up VALIDATION on your network border routers. • Implement MANRS and apply for the relevant program. • Keep up to date on Best Current Operational Practices. • Ask for Help J techassist@apnic.net
16 Terry Sweetser Been doing this “Internet thing” since 1989. Former APNIC Community Trainer, CTO, Founder, Engineering Manager, etc APNIC Training Delivery Manager for South Asia and Oceania Nationality: Australian Languages: English about.me/terry.sweetser

Recommended

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 

Recommended

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessAPNIC
 
RIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and StarlinkRIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and StarlinkAPNIC
 
VNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and StarlinkVNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and StarlinkAPNIC
 
40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP update40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP updateAPNIC
 
40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUIC40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUICAPNIC
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 

More Related Content

More from APNIC

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessAPNIC
 
RIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and StarlinkRIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and StarlinkAPNIC
 
VNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and StarlinkVNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and StarlinkAPNIC
 
40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP update40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP updateAPNIC
 
40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUIC40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUICAPNIC
 

More from APNIC (20)

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
 
RIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and StarlinkRIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
RIPE 87: On Low Earth Orbit Satellites (LEOs) and Starlink
 
VNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and StarlinkVNNIC Internet Day 2023: On LEOs and Starlink
VNNIC Internet Day 2023: On LEOs and Starlink
 
40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP update40th TWNIC Open Policy Meeting: APNIC PDP update
40th TWNIC Open Policy Meeting: APNIC PDP update
 
40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUIC40th TWNIC Open Policy Meeting: A quick look at QUIC
40th TWNIC Open Policy Meeting: A quick look at QUIC
 

Recently uploaded

Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 

Recently uploaded (20)

Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 

RPKI in South Asia: An SEO-Optimized Title

  • 1. 1 RPKI in South Asia Resource Public Key Infrastructure HOW ARE WE DOING? 16 October 2023 Colombo, Sri Lanka 40
  • 2. 2 RPKI Uptake? Stats.Labs.APNIC.Net • RPKI RoV Drop-Invalid • RPKI ROA Publication Are your routes signed and have you started to drop invalid routes?
  • 4. 4 Some Issues … TOTAL ROA Prefixes | ROA Not Routed | Routed --------------------+----------------+-------- 184392 | 158391 | 26001 Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Highly Susceptible to Route Origin Spoofing (ASPATH + PREFIX) Hijacks
  • 5. 5 ROA, Lots Of “Catch Alls” Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Economy | Unique Prefixes | Single Subnet | Many Subnets Per ROA --------------------------------+-----------------+---------------+---------------------- INDIA | 19817 | 17269 | 3499 BANGLADESH | 3905 | 3463 | 630 PAKISTAN | 3455 | 3525 | 529 NEPAL | 1158 | 1077 | 112 AFGHANISTAN | 241 | 239 | 21 MALDIVES | 129 | 25 | 105 BHUTAN | 44 | 33 | 14 BRITISH INDIAN OCEAN TERRITORY | 9 | 9 | 0
  • 6. 6 6 British Who? rpki=# select * from south_asia_roas where country = 'BRITISH INDIAN OCEAN TERRITORY’; asn | prefix | msa | tal | country ---------+----------------+-----+-------+-------------------------------- AS17458 | 203.83.48.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.48.0/21 | 21 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.49.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.50.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.51.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.52.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.53.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.54.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY AS17458 | 203.83.55.0/24 | 24 | apnic | BRITISH INDIAN OCEAN TERRITORY (9 rows) Ref: https://en.wikipedia.org/wiki/Diego_Garcia
  • 7. 7 7 British Who? rpki=# select * from south_asia_routes where country = 'BRITISH INDIAN OCEAN TERRITORY'; prefix | country ----------------+-------------------------------- 203.83.48.0/21 | BRITISH INDIAN OCEAN TERRITORY 203.83.48.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.49.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.50.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.51.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.52.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.53.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.54.0/24 | BRITISH INDIAN OCEAN TERRITORY 203.83.55.0/24 | BRITISH INDIAN OCEAN TERRITORY (9 rows) Ref: https://en.wikipedia.org/wiki/Diego_Garcia
  • 8. 8 “forged-origin” “attack surface” Sample data from: Routes Views (SG) and RPKI data on 26th September. IPv4 only. https://datatracker.ietf.org/doc/rfc9319/ Economy | ROAs | Expanded ROAs | Unique Routes -------------+------+---------------+--------------- INDIA | 3332 | 91524 | 15990 BANGLADESH | 588 | 6438 | 3396 PAKISTAN | 404 | 34932 | 2992 MALDIVES | 105 | 442 | 230 NEPAL | 98 | 1850 | 702 AFGHANISTAN | 21 | 186 | 72 BHUTAN | 13 | 112 | 30
  • 9. 9 More rpki=# select * from south_asia_expanded_roas a left join south_asia_routes b on a.prefix=b.prefix or a.split_cidr=b.prefix where a.msa = 14; asn | prefix | msa | tal | country | split_cidr | prefix | country ---------+--------------+-----+-------+---------+--------------+--------------+--------- AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.32.0.0/13 | 49.32.0.0/13 | INDIA AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.40.0.0/14 | 49.40.0.0/14 | INDIA AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.44.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.32.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.36.0.0/14 | | AS55836 | 49.32.0.0/12 | 14 | apnic | INDIA | 49.40.0.0/13 | | (6 rows) rpki=# select * from south_asia_routes where prefix = '49.32.0.0/12'::cidr; prefix | country --------+--------- (0 rows) rpki=# select asn,count(*) from south_asia_roas where prefix << '49.32.0.0/12'::cidr group by asn; asn | count ---------+------- AS55836 | 334 AS64049 | 2 (2 rows) https://datatracker.ietf.org/doc/rfc9319/ rpki=# select count(*) from south_asia_routes where prefix << '49.32.0.0/12'::cidr; count ------- 153 (1 row)
  • 10. 10 10 Validation … Are we there yet? NOT EVEN CLOSE
  • 12. 12 ROV Measurements Are Hard https://labs.apnic.net/index.php/2021/03/23/measuring-roas-and-rov/
  • 13. 13 13 Call To Action https://datatracker.ietf.org/doc/rfc9319/ Hint: when an RFC says “should” in capitals … YOU DO IT!
  • 14. 14 So, where to from here? Origins Pathways ASN to ASN RPKI ASPA BGPSEC https://www.rfc-editor.org/rfc/rfc8205.html https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/ https://www.rfc-editor.org/rfc/rfc8210
  • 15. 15 Your TODO List is: • Attend an APNIC workshop on RPKI. • Decide on your ROA deployment: there’s more than one way to sign routes. • Plan for and set up VALIDATION on your network border routers. • Implement MANRS and apply for the relevant program. • Keep up to date on Best Current Operational Practices. • Ask for Help J techassist@apnic.net
  • 16. 16 Terry Sweetser Been doing this “Internet thing” since 1989. Former APNIC Community Trainer, CTO, Founder, Engineering Manager, etc APNIC Training Delivery Manager for South Asia and Oceania Nationality: Australian Languages: English about.me/terry.sweetser