SlideShare a Scribd company logo

Cloud SDN: BGP Peering and RPKI

MyNOG
MyNOG

Cloud SDN: BGP Peering and RPKI Shaowen Ma, Google

Technology
1 of 15
Download to read offline
“Without networking, there is no cloud.” Cloud SDN BGP Peering and RPKI Shaowen Ma Group Product Manager shaowen@google.com
Google Global Network 37 REGIONS 200+ COUNTRIES AND TERRITORIES 112 ZONES 187 EDGE LOCATIONS
Proprietary + Confidential BGP Peering and RPKI
BGP Hijack/Leak Outage BGP RFC 1105 Two Napkin Protocol, Start Internet from 80K Host Visa/MasterCard and Major Bank ISP leaks 36 Prefixes for Payment Service FinTech Attacked 1989 1997 2008 2017 2019 2018 AS7007 Incident mistakenly (re)announces 72,000+ routes Black Hole Murphy's Law Strikes ISP Accidentally announced Youtube Prefix for Block/ Black Hole Internal BGP Hijack BGP Leak to Verizon Accidentally 160K Prefixes, Major Impact Japan(KDDI/NTT Com) BGP Leak 2020 Cryptocurrencies ISP Hijack Amazon DNS Route 53, Targeting myetherwallet.com FinTech BGP Hijack Verizon BGP leak BGP optimizers make it worse Cloudflare customer outages, AWS issues, Facebook outage. BGP Leak ISP, ISP hijacks internet traffic for Google, AWS, Cloudflare, and others BGP Hijack
15169 Peer A Peer Customer Peer Peer C Peer Customer Bad Actor Peer B Advertises Google’s prefixes - wrongly Advertises peer A prefixes Peer-locked / IRR filters Google filters correct advertisements from Peers Peer fails to filter hijack ● The Internet remains key to Cloud customers ● Resilience of Internet routing needs to get better ● Enhanced monitoring and filtering ● Active community role (MANRS, Peer Lock) ● RPKI Google Peering, A better Internet for cloud
Route filtering – validate all incoming routes Multiple filtering mechanisms to address different kinds of BGP hijacks Filtering based on routing data in public Internet Routing Registries (IRRs) ● filtering on allowed peer announcements (based on AS-SET expansion) ● challenge: IRR has high coverage, but data can be stale, invalid, contradictory ● rolled out widely across most ISP peering sessions in reject mode Route origin validation (ROV) based on RPKI ● filtering on allowed origin (prevents many misconfiguration hijacks) ● challenge: lower coverage, e.g., < 40% IPv4 space is registered ● active filtering in pilot – targeted for rollout to most peering sessions
IRR-based route filtering How IRR filtering works in Google: ● collect and process public routing data (IRRs, peeringDB) ○ currently pull from ~25 IRRs ● build per-ASN allow-list of routes peers are expected to advertise ○ check for high traffic impact for any single ASN ○ check for connectivity via alternative routes ● rollout allow-lists on peering edge devices ● treat any received route that does not match the allow-list as invalid ○ depref: send traffic over alternate/transit routes (serves as grace period to update routing data) ○ reject: drop route (traffic must take alternate path) Considerations ● subject to IRR data availability / accuracy ● need to consider filter scale on routers ● weekly rollout schedule for updated filters collector public IRR databases route intent store external ISP routing objects route filter generation ISP portal display filter data to peers for review/fix
RPKI origin validation APNIC ARIN RIPE AFRINIC LACNIC RP RP RP RPKI cache validator validator validator validator validator ● ● ● load balancer ● ● ● automated filter workflow RPKI trust anchors RP replicas replicated RPKI cache retrieves latest VRPs from RP replicas validator collects updated ROA table from load balanced RPKI cache replicas sw/hw peering devices route listeners ● Validators monitor routes at peering edge ● Validate routes against current RPKI cache ● For invalid routes, initiate filter installation on corresponding sessions Safety/operational mechanisms: ● RPKI cache: fail-static if large changes detected from RPs ● Overrides via local RPKI additions
External route monitoring and alerting distributed BGP listeners + other data sources 1P and 3P monitoring/alerting alert collection and analysis dashboard to view current hijack alerts alerting pipeline alerting rules SRE Google/CGP route inventory internal intent sources Monitoring provides external, global vantage points to detect disruptions of Google routes ● 1P and 3P data sources Raw alerts are frequent – challenge is improving SNR ● respond on persistent events that are widely observed Mitigation generally requires actions by external networks (via automated comms workflow) System has successfully alerted on recent impacting hijacks
Route status visibility via Peering Portal Peering Portal BGP view shows IRR and RPKI status (and other information) for all observed routes Available to all networks that peer w/Google (isp.google.com)
Helping peers debug routing data Peering portal allows filtering by problem area (IRR or RPKI records) Detail pane highlights specific problem and shows underlying IRR data ● route objects ● AS-SET objects ● peeringDB entries
Prefix: A AS-PATH: [2 1] Prefix: C AS-PATH: [7 6] Prefix: B AS-PATH: [5 4 3] "ext:4300:000000000000" = Origin valid "ext:4300:000000000001" = Origin not found "ext:4300:000000000002" = Origin invalid AS 15169 Prefix: B AS-PATH: [7 6 3] Prefix origin extended communities Prefix: B AS-PATH: [7 6] A B C Prefix: B AS-PATH: [7 5 4 3] 1 2 RPKI Validator RTR Protocol RFC8210 RSYNC RFC5781 RRDP RFC 8182 Google Peering, RPKI, Very easy to fake
15169 Peer A Peer Customer Peer B Peer Customer Bad Actor Peer C Advertises Google’s prefixes with Google AS 15169 - wrongly Advertises peer A prefixes with Fake AS Peer-locked / IRR filters Google filters validated advertisements from Peers Peer fails to filter hijack Tier 1 1 2 Prefix: { 34.64.0.0/11 } AS-PATH: [ 200 15169 ] 15169 peer-locked / protected AS 7018 6453 Tata: Google regional transit provider AT&T: Google global peer accept direct and via Tata accept direct only Google Peering, RPKI with Peer Lock
Multiple solutions required 14 Publish route intent Validate received route announcements Detect disruptions in the Internet Accelerate progress via collaborations ● Register Google/GCP routes in public registries ● Enables other networks to validate Google routes ● Prevents propagation of hijacks; protects connectivity to Google ● Work with peers and customers to properly register routes ● Deploy filtering systems to accept only valid routes ● Prevents accepting bogus routes; protects connectivity from Google/GCP ● Deploy first- and third-party monitoring systems to alert on hijacks in external networks ● Proactively mitigate when significant problems are detected ● Reduces repair time, but often depends on actions by external networks ● Leverage MANRS as a collaboration vehicle ● Work with other providers to align on common solutions and policies ● Share experience and information via MANRS forums
Thank you!

Recommended

Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXMyNOG
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksMyNOG
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmMyNOG
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023MyNOG
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...MyNOG
 
Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10MyNOG
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersMyNOG
 

Recommended

Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXMyNOG
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksMyNOG
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmMyNOG
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023MyNOG
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...MyNOG
 
Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10MyNOG
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersMyNOG
 
Dean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobileDean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobileDean Bubley
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN3G4G
 
Beginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRANBeginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRAN3G4G
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Bruno Teixeira
 
How BGP Works
How BGP WorksHow BGP Works
How BGP WorksThousandEyes
 
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 20193G4G
 
docslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950edocslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950eTamer Ajaj
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming TechniquesAPNIC
 
IBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTXIBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTXThinL389917
 
Open v ran
Open v ranOpen v ran
Open v ranRajasa Pramudya Wardhana
 
5G New Services - Opportunities and Challenges
5G New Services - Opportunities and Challenges5G New Services - Opportunities and Challenges
5G New Services - Opportunities and ChallengesHamidreza Bolhasani
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoAPNIC
 
Data Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, CienaData Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, CienaMyNOG
 
Faster to 5G
Faster to 5GFaster to 5G
Faster to 5GEricsson
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Overview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trendOverview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trend3G4G
 
Fundamentals of Mobile Network Sharing
Fundamentals of Mobile Network SharingFundamentals of Mobile Network Sharing
Fundamentals of Mobile Network SharingDr. Kim (Kyllesbech Larsen)
 
Build Your Own ISP
Build Your Own ISPBuild Your Own ISP
Build Your Own ISPGLC Networks
 
SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs APNIC
 
Rpki -manrs_(7_september)
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)NaveenLakshman
 

More Related Content

What's hot

Dean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobileDean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobileDean Bubley
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN3G4G
 
Beginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRANBeginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRAN3G4G
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Bruno Teixeira
 
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 20193G4G
 
docslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950edocslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950eTamer Ajaj
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming TechniquesAPNIC
 
IBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTXIBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTXThinL389917
 
5G New Services - Opportunities and Challenges
5G New Services - Opportunities and Challenges5G New Services - Opportunities and Challenges
5G New Services - Opportunities and ChallengesHamidreza Bolhasani
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoAPNIC
 
Data Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, CienaData Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, CienaMyNOG
 
Faster to 5G
Faster to 5GFaster to 5G
Faster to 5GEricsson
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Overview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trendOverview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trend3G4G
 
Build Your Own ISP
Build Your Own ISPBuild Your Own ISP
Build Your Own ISPGLC Networks
 

What's hot (20)

Dean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobileDean Bubley presentation on enterprise & neutral host models for mobile
Dean Bubley presentation on enterprise & neutral host models for mobile
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native Infrastructure
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN
 
Beginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRANBeginners: Open RAN, White Box RAN & vRAN
Beginners: Open RAN, White Box RAN & vRAN
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
 
How BGP Works
How BGP WorksHow BGP Works
How BGP Works
 
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
Prof. Andy Sutton: 5G RAN Architecture Evolution - Jan 2019
 
docslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950edocslide.us_rnc-3820-presentation-55844f36a950e
docslide.us_rnc-3820-presentation-55844f36a950e
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
IBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTXIBM Sustainability Software - Overview for Airlines (1).PPTX
IBM Sustainability Software - Overview for Airlines (1).PPTX
 
Open v ran
Open v ranOpen v ran
Open v ran
 
5G New Services - Opportunities and Challenges
5G New Services - Opportunities and Challenges5G New Services - Opportunities and Challenges
5G New Services - Opportunities and Challenges
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI Demo
 
Data Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, CienaData Centre Hubs: Where to Next by Lim Kok Chen, Ciena
Data Centre Hubs: Where to Next by Lim Kok Chen, Ciena
 
Faster to 5G
Faster to 5GFaster to 5G
Faster to 5G
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Overview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trendOverview of standardisation status and 3GPP technology evolution trend
Overview of standardisation status and 3GPP technology evolution trend
 
Fundamentals of Mobile Network Sharing
Fundamentals of Mobile Network SharingFundamentals of Mobile Network Sharing
Fundamentals of Mobile Network Sharing
 
Build Your Own ISP
Build Your Own ISPBuild Your Own ISP
Build Your Own ISP
 

Similar to Cloud SDN: BGP Peering and RPKI

SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs APNIC
 
Rpki -manrs_(7_september)
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)NaveenLakshman
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationOpenDNS
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsAPNIC
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
 
BGP Scanner - Isolario BGP-MRT Data Reader C Library and Tool
BGP Scanner - Isolario BGP-MRT Data Reader C Library and ToolBGP Scanner - Isolario BGP-MRT Data Reader C Library and Tool
BGP Scanner - Isolario BGP-MRT Data Reader C Library and ToolAPNIC
 
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiuInternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu?? ?
 
PhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdatePhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdateAPNIC
 
SANOG23-BGP-Techniques.pdf
SANOG23-BGP-Techniques.pdfSANOG23-BGP-Techniques.pdf
SANOG23-BGP-Techniques.pdfGhulamIbneGhulam
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practiceJimmy Lim
 
Routing Security
Routing SecurityRouting Security
Routing SecurityRIPE NCC
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
SGNOG2 - Using communities for multihoming ISP workshop
SGNOG2 - Using communities for multihoming ISP workshopSGNOG2 - Using communities for multihoming ISP workshop
SGNOG2 - Using communities for multihoming ISP workshopAPNIC
 
Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!APNIC
 
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]APNIC
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinMyNOG
 

Similar to Cloud SDN: BGP Peering and RPKI (20)

SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs
 
Rpki -manrs_(7_september)
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure Connections
 
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
 
BGP Scanner - Isolario BGP-MRT Data Reader C Library and Tool
BGP Scanner - Isolario BGP-MRT Data Reader C Library and ToolBGP Scanner - Isolario BGP-MRT Data Reader C Library and Tool
BGP Scanner - Isolario BGP-MRT Data Reader C Library and Tool
 
BGP
BGPBGP
BGP
 
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiuInternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu
InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu
 
PhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdatePhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment Update
 
SANOG23-BGP-Techniques.pdf
SANOG23-BGP-Techniques.pdfSANOG23-BGP-Techniques.pdf
SANOG23-BGP-Techniques.pdf
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practice
 
Routing Security
Routing SecurityRouting Security
Routing Security
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network Operators
 
SGNOG2 - Using communities for multihoming ISP workshop
SGNOG2 - Using communities for multihoming ISP workshopSGNOG2 - Using communities for multihoming ISP workshop
SGNOG2 - Using communities for multihoming ISP workshop
 
Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!
 
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
 
bgp.ppt
bgp.pptbgp.ppt
bgp.ppt
 
Bgp (1)
Bgp (1)Bgp (1)
Bgp (1)
 

More from MyNOG

Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalidsMyNOG
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in KubernetesMyNOG
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEMyNOG
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...MyNOG
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...MyNOG
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyNOG
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...MyNOG
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearMyNOG
 
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...MyNOG
 
Routed Optical Networking by Shahnaz Mohamad, Cisco
Routed Optical Networking by Shahnaz Mohamad, CiscoRouted Optical Networking by Shahnaz Mohamad, Cisco
Routed Optical Networking by Shahnaz Mohamad, CiscoMyNOG
 
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...MyNOG
 
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...MyNOG
 
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres MyNOG
 
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen Chuan
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen ChuanAPNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen Chuan
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen ChuanMyNOG
 
How to Prepare For a Peering Partner Business Review by CF Chui, Kentik
How to Prepare For a Peering Partner Business Review by CF Chui, KentikHow to Prepare For a Peering Partner Business Review by CF Chui, Kentik
How to Prepare For a Peering Partner Business Review by CF Chui, KentikMyNOG
 
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...MyNOG
 
Cloud IPv6 Innovation by Shaowen Ma, Google
Cloud IPv6 Innovation by Shaowen Ma, GoogleCloud IPv6 Innovation by Shaowen Ma, Google
Cloud IPv6 Innovation by Shaowen Ma, GoogleMyNOG
 
MyNOG 9 Peering Personal
MyNOG 9 Peering PersonalMyNOG 9 Peering Personal
MyNOG 9 Peering PersonalMyNOG
 
Women @ MyNOG
Women @ MyNOGWomen @ MyNOG
Women @ MyNOGMyNOG
 

More from MyNOG (20)

Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalids
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in Kubernetes
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIX
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
 
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
 
Routed Optical Networking by Shahnaz Mohamad, Cisco
Routed Optical Networking by Shahnaz Mohamad, CiscoRouted Optical Networking by Shahnaz Mohamad, Cisco
Routed Optical Networking by Shahnaz Mohamad, Cisco
 
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...
Edge Computing: NTT Offerings in Japan and Use Cases by Katsuhiro Ohki, NTT L...
 
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...
Latency Automation Service Enhancement Remedy (LASER) by Ts. Mohd Faizal Bin ...
 
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres
Enabling Compute On The Edge by Lim Yu Jeen, Edge Centres
 
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen Chuan
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen ChuanAPNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen Chuan
APNIC Updates: RPKI, what we’ve learned and what we’ve been doing by Zen Chuan
 
How to Prepare For a Peering Partner Business Review by CF Chui, Kentik
How to Prepare For a Peering Partner Business Review by CF Chui, KentikHow to Prepare For a Peering Partner Business Review by CF Chui, Kentik
How to Prepare For a Peering Partner Business Review by CF Chui, Kentik
 
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...
Vulnerability Reporting Program on a Shoestring Budget by Jamie Gillespie, A...
 
Cloud IPv6 Innovation by Shaowen Ma, Google
Cloud IPv6 Innovation by Shaowen Ma, GoogleCloud IPv6 Innovation by Shaowen Ma, Google
Cloud IPv6 Innovation by Shaowen Ma, Google
 
MyNOG 9 Peering Personal
MyNOG 9 Peering PersonalMyNOG 9 Peering Personal
MyNOG 9 Peering Personal
 
Women @ MyNOG
Women @ MyNOGWomen @ MyNOG
Women @ MyNOG
 

Recently uploaded

Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Cloud SDN: BGP Peering and RPKI

  • 1. “Without networking, there is no cloud.” Cloud SDN BGP Peering and RPKI Shaowen Ma Group Product Manager shaowen@google.com
  • 2. Google Global Network 37 REGIONS 200+ COUNTRIES AND TERRITORIES 112 ZONES 187 EDGE LOCATIONS
  • 4. BGP Hijack/Leak Outage BGP RFC 1105 Two Napkin Protocol, Start Internet from 80K Host Visa/MasterCard and Major Bank ISP leaks 36 Prefixes for Payment Service FinTech Attacked 1989 1997 2008 2017 2019 2018 AS7007 Incident mistakenly (re)announces 72,000+ routes Black Hole Murphy's Law Strikes ISP Accidentally announced Youtube Prefix for Block/ Black Hole Internal BGP Hijack BGP Leak to Verizon Accidentally 160K Prefixes, Major Impact Japan(KDDI/NTT Com) BGP Leak 2020 Cryptocurrencies ISP Hijack Amazon DNS Route 53, Targeting myetherwallet.com FinTech BGP Hijack Verizon BGP leak BGP optimizers make it worse Cloudflare customer outages, AWS issues, Facebook outage. BGP Leak ISP, ISP hijacks internet traffic for Google, AWS, Cloudflare, and others BGP Hijack
  • 5. 15169 Peer A Peer Customer Peer Peer C Peer Customer Bad Actor Peer B Advertises Google’s prefixes - wrongly Advertises peer A prefixes Peer-locked / IRR filters Google filters correct advertisements from Peers Peer fails to filter hijack ● The Internet remains key to Cloud customers ● Resilience of Internet routing needs to get better ● Enhanced monitoring and filtering ● Active community role (MANRS, Peer Lock) ● RPKI Google Peering, A better Internet for cloud
  • 6. Route filtering – validate all incoming routes Multiple filtering mechanisms to address different kinds of BGP hijacks Filtering based on routing data in public Internet Routing Registries (IRRs) ● filtering on allowed peer announcements (based on AS-SET expansion) ● challenge: IRR has high coverage, but data can be stale, invalid, contradictory ● rolled out widely across most ISP peering sessions in reject mode Route origin validation (ROV) based on RPKI ● filtering on allowed origin (prevents many misconfiguration hijacks) ● challenge: lower coverage, e.g., < 40% IPv4 space is registered ● active filtering in pilot – targeted for rollout to most peering sessions
  • 7. IRR-based route filtering How IRR filtering works in Google: ● collect and process public routing data (IRRs, peeringDB) ○ currently pull from ~25 IRRs ● build per-ASN allow-list of routes peers are expected to advertise ○ check for high traffic impact for any single ASN ○ check for connectivity via alternative routes ● rollout allow-lists on peering edge devices ● treat any received route that does not match the allow-list as invalid ○ depref: send traffic over alternate/transit routes (serves as grace period to update routing data) ○ reject: drop route (traffic must take alternate path) Considerations ● subject to IRR data availability / accuracy ● need to consider filter scale on routers ● weekly rollout schedule for updated filters collector public IRR databases route intent store external ISP routing objects route filter generation ISP portal display filter data to peers for review/fix
  • 8. RPKI origin validation APNIC ARIN RIPE AFRINIC LACNIC RP RP RP RPKI cache validator validator validator validator validator ● ● ● load balancer ● ● ● automated filter workflow RPKI trust anchors RP replicas replicated RPKI cache retrieves latest VRPs from RP replicas validator collects updated ROA table from load balanced RPKI cache replicas sw/hw peering devices route listeners ● Validators monitor routes at peering edge ● Validate routes against current RPKI cache ● For invalid routes, initiate filter installation on corresponding sessions Safety/operational mechanisms: ● RPKI cache: fail-static if large changes detected from RPs ● Overrides via local RPKI additions
  • 9. External route monitoring and alerting distributed BGP listeners + other data sources 1P and 3P monitoring/alerting alert collection and analysis dashboard to view current hijack alerts alerting pipeline alerting rules SRE Google/CGP route inventory internal intent sources Monitoring provides external, global vantage points to detect disruptions of Google routes ● 1P and 3P data sources Raw alerts are frequent – challenge is improving SNR ● respond on persistent events that are widely observed Mitigation generally requires actions by external networks (via automated comms workflow) System has successfully alerted on recent impacting hijacks
  • 10. Route status visibility via Peering Portal Peering Portal BGP view shows IRR and RPKI status (and other information) for all observed routes Available to all networks that peer w/Google (isp.google.com)
  • 11. Helping peers debug routing data Peering portal allows filtering by problem area (IRR or RPKI records) Detail pane highlights specific problem and shows underlying IRR data ● route objects ● AS-SET objects ● peeringDB entries
  • 12. Prefix: A AS-PATH: [2 1] Prefix: C AS-PATH: [7 6] Prefix: B AS-PATH: [5 4 3] "ext:4300:000000000000" = Origin valid "ext:4300:000000000001" = Origin not found "ext:4300:000000000002" = Origin invalid AS 15169 Prefix: B AS-PATH: [7 6 3] Prefix origin extended communities Prefix: B AS-PATH: [7 6] A B C Prefix: B AS-PATH: [7 5 4 3] 1 2 RPKI Validator RTR Protocol RFC8210 RSYNC RFC5781 RRDP RFC 8182 Google Peering, RPKI, Very easy to fake
  • 13. 15169 Peer A Peer Customer Peer B Peer Customer Bad Actor Peer C Advertises Google’s prefixes with Google AS 15169 - wrongly Advertises peer A prefixes with Fake AS Peer-locked / IRR filters Google filters validated advertisements from Peers Peer fails to filter hijack Tier 1 1 2 Prefix: { 34.64.0.0/11 } AS-PATH: [ 200 15169 ] 15169 peer-locked / protected AS 7018 6453 Tata: Google regional transit provider AT&T: Google global peer accept direct and via Tata accept direct only Google Peering, RPKI with Peer Lock
  • 14. Multiple solutions required 14 Publish route intent Validate received route announcements Detect disruptions in the Internet Accelerate progress via collaborations ● Register Google/GCP routes in public registries ● Enables other networks to validate Google routes ● Prevents propagation of hijacks; protects connectivity to Google ● Work with peers and customers to properly register routes ● Deploy filtering systems to accept only valid routes ● Prevents accepting bogus routes; protects connectivity from Google/GCP ● Deploy first- and third-party monitoring systems to alert on hijacks in external networks ● Proactively mitigate when significant problems are detected ● Reduces repair time, but often depends on actions by external networks ● Leverage MANRS as a collaboration vehicle ● Work with other providers to align on common solutions and policies ● Share experience and information via MANRS forums