APNIC Product Manager Tom Harrison presents on RPKI RSCs and ASPAs at the 4th ICANN APAC-TWNIC Engagement Forum and 39th TWNIC OPM, held from 22 to 24 May 2023 in Taipei.
APNIC Information Products Manager Tom Harrison gives an overview of RPKI and whois updates at AusNOG 2023, held in the Gold Coast, Australia from 7 to 8 September 2023.
Part 10 : Routing in IP networks and interdomain routing with BGPOlivier Bonaventure
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
APNIC Infrastructure & Development Director Che-Hoo Cheng gives a presentation on ROA and ROV deployment and why routing security is becoming more important than ever at the 32nd TWNIC IP OPM in Taipei from 20 to 21 June 2019.
SIP and DNS - federation, failover, load balancing and moreOlle E Johansson
SIP use DNS to find a server for a specific URI, like sip:alice@example.com. With DNS a SIP service can provide failover, load balancing and much more. SIP without DNS is a broken solution. SIP and DNS rocks!
APNIC Information Products Manager Tom Harrison gives an overview of RPKI and whois updates at AusNOG 2023, held in the Gold Coast, Australia from 7 to 8 September 2023.
Part 10 : Routing in IP networks and interdomain routing with BGPOlivier Bonaventure
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
APNIC Infrastructure & Development Director Che-Hoo Cheng gives a presentation on ROA and ROV deployment and why routing security is becoming more important than ever at the 32nd TWNIC IP OPM in Taipei from 20 to 21 June 2019.
SIP and DNS - federation, failover, load balancing and moreOlle E Johansson
SIP use DNS to find a server for a specific URI, like sip:alice@example.com. With DNS a SIP service can provide failover, load balancing and much more. SIP without DNS is a broken solution. SIP and DNS rocks!
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
APAN 50: RPKI industry trends and initiatives APNIC
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of the RPKI, why it is important, and how to create ROAs and ROVs to secure routing announcements.
APNIC Senior Network Analyst and Training Manager Tashi Phuntsho presents on why securing Internet routing is important, and outlines some tools and techniques that can help network operators.
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
APNIC Director General Paul Wilson gives a presentation on the latest developments in IP address registry services, and their importance to Internet stability and security at the ICANN APAC-TWNIC Engagement Forum in Taipei, Taiwan from 16 to 17 April. 2019
MMIX Peering Forum: Securing Internet RoutingAPNIC
APNIC Senior Network Analyst Tashi Phuntsho presents on how to secure Internet routing at the Myanmar Internet Exchange (MMIX) Peering Forum 2019 in Yangon, Myanmar from 3 to 5 May 2019.
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of RPKI as another security consideration for peering at Peering Asia 2.0, held in Hong Kong from 24 to 25 October 2018.
Securing Your APIs against the Recent Vulnerabilities in SSLv2/SSLv3 Akana
Recently revealed vulnerabilities in SSLv3, OpenSSL and other cipher suites may expose your transactions or APIs over web browsers, web servers or HTTPS to new threats. Hackers can attack and take advantage of the protocol version negotiation features built into SSL/TLS to force the use of SSL 3.0 and decrypt selected content within the SSL sessions. Given these vulnerabilities, how can businesses ensure and safeguard critical data? Attend this webinar to learn HTTPS configuration best practices and tools to harden your HTTPS endpoints with right protocols and cipher suites.
AWS re:Invent 2016: Serverless Architectural Patterns and Best Practices (ARC...Amazon Web Services
As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
More Related Content
Similar to 4th ICANN APAC-TWNIC Engagement Forum and 39th TWNIC OPM: RPKI Updates - RSCs and ASPAs
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
APAN 50: RPKI industry trends and initiatives APNIC
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of the RPKI, why it is important, and how to create ROAs and ROVs to secure routing announcements.
APNIC Senior Network Analyst and Training Manager Tashi Phuntsho presents on why securing Internet routing is important, and outlines some tools and techniques that can help network operators.
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
APNIC Director General Paul Wilson gives a presentation on the latest developments in IP address registry services, and their importance to Internet stability and security at the ICANN APAC-TWNIC Engagement Forum in Taipei, Taiwan from 16 to 17 April. 2019
MMIX Peering Forum: Securing Internet RoutingAPNIC
APNIC Senior Network Analyst Tashi Phuntsho presents on how to secure Internet routing at the Myanmar Internet Exchange (MMIX) Peering Forum 2019 in Yangon, Myanmar from 3 to 5 May 2019.
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of RPKI as another security consideration for peering at Peering Asia 2.0, held in Hong Kong from 24 to 25 October 2018.
Securing Your APIs against the Recent Vulnerabilities in SSLv2/SSLv3 Akana
Recently revealed vulnerabilities in SSLv3, OpenSSL and other cipher suites may expose your transactions or APIs over web browsers, web servers or HTTPS to new threats. Hackers can attack and take advantage of the protocol version negotiation features built into SSL/TLS to force the use of SSL 3.0 and decrypt selected content within the SSL sessions. Given these vulnerabilities, how can businesses ensure and safeguard critical data? Attend this webinar to learn HTTPS configuration best practices and tools to harden your HTTPS endpoints with right protocols and cipher suites.
AWS re:Invent 2016: Serverless Architectural Patterns and Best Practices (ARC...Amazon Web Services
As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.
Similar to 4th ICANN APAC-TWNIC Engagement Forum and 39th TWNIC OPM: RPKI Updates - RSCs and ASPAs (17)
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...JeyaPerumal1
A cellular network, frequently referred to as a mobile network, is a type of communication system that enables wireless communication between mobile devices. The final stage of connectivity is achieved by segmenting the comprehensive service area into several compact zones, each called a cell.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
2. 2
2
What is an RSC?
• RPKI Signed Checklist
• Defined in RFC 9323
• The specification provides for:
• signing one or more arbitrary files using an RPKI certificate
• packaging the signature, filenames, and hashes into an object
(the RSC itself)
• verifying the signature (i.e. “these files were signed by somebody
with authority to route 192.0.2.0/24”)
3. 3
3
Why is it useful?
• Arbitrary files can be signed
– More flexible than existing RPKI functions
– Supports ad hoc/people-driven processes
• No need to publish in a public repository
– Associated business operations can remain
private
5. 5
5
BYOIP services
• Support use of RIR-delegated IP addresses for BGP
announcements in cloud infrastructure
• RSCs can help to streamline the registration process
6. 6
6
Third-party databases
• Acting as cross-RIR interfaces for specific use cases (e.g.
peering)
• RSCs can be used to prove resource holdership
7. 7
7
Custom RPKI applications
• Define new object type and use RSCs for
signing/packaging
• Useful for testing/prototyping, or for use within a closed
group of participants
• No need to go through IETF process
8. 8
8
Current status
• Specification published in November 2022
– https://www.rfc-editor.org/rfc/rfc9323.txt
• Production code
– https://www.rpki-client.org
• Proof-of-concept code
– https://github.com/APNIC-net/rpki-rsc-demo
– https://github.com/job/draft-rpki-checklists
– https://github.com/benmaddison/rpkimancer
• APNIC implementing in early 2024
– Deferred from Q2 of this year
– In-principle support from other RIRs
9. 9
9
What is an ASPA?
• Autonomous System Provider Authorization
• Defined in two documents:
• draft-ietf-sidrops-aspa-profile
• draft-ietf-sidrops-aspa-verification
• The specifications provide for:
• an ASN holder signing an object that defines its upstream ASes
• a network operator using that data to verify the AS_PATH of a
received route
10. 10
10
Why is it useful?
• Detect and mitigate route leaks
– Compare ROV, which is about the origin only
• Protect against certain types of
forged-origin/forged-path attacks
– Attacker must resort to longer AS paths for
route to be accepted
11. 11
11
Upstream validation
• 1. If AS path has single entry
• 2. If AS path contains hop
from provider to customer
• 3. If AS path contains hop
without ASPA
• 4. Otherwise, all hops are
from customer to provider
12. 12
12
Upstream validation examples (1)
• Single-element AS
path
• No ASPAs
• Not possible for it
to be a route leak
AS1
AS
This AS is the
upstream,
receiving the
route
This is the route: only the AS path is relevant
to ASPA validation, so the prefix is omitted
13. 13
13
Upstream validation examples (2)
• Two-element AS
path
• No ASPAs
• Unable to
determine validity
AS1
AS
AS2
Arrows indicate AS path,
from origin through peers
14. 14
14
Upstream validation examples (3)
• Two-element AS
path
• ASPA exists for AS1
(origin)
• Able to determine
validity
AS1
AS
AS2
AS Providers
1 2
AS path moves upwards
from AS to ASPA provider
15. 15
15
Upstream validation examples (4)
AS
• Two-element AS path
• ASPA exists for AS1
(origin), but disclaims
AS2 as provider
• Able to determine
validity
AS1
AS2
AS Providers
1 3
16. 16
16
Downstream validation
• 1. If AS path has:
– Up-ramp, customer(s) through provider(s)
– Down-ramp, provider(s) through customer(s)
– No hops in the middle, or single lateral hop
• 2. If AS path contains ‘valley’ (hop from provider to
customer, then from customer to provider)
• 3. Otherwise, unable to determine validity
17. 17
17
Downstream validation examples (1)
• Single-element AS
path
• No ASPAs
• Not possible for it
to be a route leak
AS1
AS
This AS is the
downstream,
receiving the
route
20. 20
20
Downstream validation examples (4)
• Three-element
AS path
• ASPA exists for
AS1 (origin)
• Route leak not
possible
AS1
AS
AS2
AS3
AS Providers
1 2
21. 21
21
Downstream validation examples (5)
• Three-element
AS path
• ASPA exists for
AS3 (neighbour)
• Route leak not
possible
AS1
AS
AS2
AS3
AS Providers
3 2
AS path moves downwards
from ASPA provider to AS
22. 22
22
Downstream validation examples (6)
• Three-element
AS path
• ASPAs exist for
AS1 and AS3
• Route leak not
possible
AS1
AS
AS2
AS3
AS Providers
1 2
3 2
23. 23
23
Downstream validation examples (7)
• Three-element AS
path
• AS0 ASPA now
exists for AS2, to
indicate absence of
providers
• Route leak not
possible
AS1
AS
AS2
AS3
AS Providers
1 2
2 0
3 2
24. 24
24
Downstream validation examples (8)
• Three-element AS
path
• Up-ramp and down-
ramp ASPAs do not
include AS2
• Route leak
AS1
AS
AS2
AS3
AS Providers
1 4
2 0
3 5
25. 25
25
Downstream validation examples (9)
• Four-element AS
path
• Valley from AS2 to
AS3 (customer) to
AS4 indicates route
leak
AS1
AS
AS2
AS3
AS Providers
1 2
2 0
3 2, 4
4 0
AS4
26. 26
26
Forged-origin/path attacks
• Attacker uses correct origin (AS1), but inserts own ASN into the AS path
immediately after the origin
– If AS1 has registered an ASPA, and AS2 (target recipient) receives route
over lateral peer, AS2 will classify the route as invalid
• Attacker can evade this by adding a valid upstream ASN after the origin and
before its own ASN
– But if the ASN that is added also has an ASPA, then the attacker needs to
add more ASNs until it reaches an ASN without an ASPA
– Plus, this all makes the path longer, and the route less likely to be
used/preferred
27. 27
27
Current status
• Specifications currently in IETF Working
Group Last Call
• Production code
– Krill (CA)
– Routinator (RP)
– rpki-client (RP)
– OpenBGPD (router)
– NIST BGP-SRx (router)
• RIPE provide API for creating ASPA objects in
the localcert.ripe.net environment (test)
• APNIC planning to implement hosted CA
functionality in 2024