v1.2
1
RPKI Status Updates
Presented by: Makito Lay
Phnom Penh, Cambodia | 22 October 2023
KHNOG 5 Conference
Agenda
• Internet Routing and BGP Hijack
• What is RPKI?
• ROA Coverage in Asia / South-Eastern Asia / Cambodia
• Common Issues after ROA Creation
• ROV Adoption in Cambodia
• Recommendations
Internet Routing
Source: Screenshot taken from “3.5.3.4 Packet Tracer - Configure and Verify eBGP.pka” example from Connecting Networks Cisco Networking Academy course
BGP Hijack
• Announcing a more specific path.
• Announcing an address space that is owned by someone else.
Source: Williams, R. (2015). street signs being stolen [Image]. https://media.apnarm.net.au/media/images/2015/02/06/IQT_06-02-2015_NEWS_05_STOLENSIGNS1_t1880.jpg
What is RPKI?
• Resource Public Key Infrastructure.
• For mitigating BGP route leaks and hijacks.
• ROA and ROV are done cryptographically.
– Resource holders use private key to sign authorisations
– Other networks use public key to validate the signatures
• Route Origin Authorisation (ROA)
– Resource holders permit specific AS to originate their prefixes
• Route Origin Validation (ROV)
– Other networks check whether the received prefixes are originated by the permitted AS
Route Origin Authorisation (ROA)
• To be done by resource holder:
– Creating ROA for prefixes belonging to own address space
• Prefix
• Origin AS
• Max. Length
– Also known as “Most Specific Announcement (MSA)”
– APNIC members can create ROA in MyAPNIC portal
• APNIC Help Centre: ROA objects
– https://help.apnic.net/s/article/roa-objects
• Route Management – Guide to manage your routes and (RPKI) ROA
– https://www.apnic.net/wp-content/uploads/2017/01/route-roa-management-guide.pdf
• How to Create ROAs in MyAPNIC
– https://www.youtube.com/watch?v=NLG2siznuu4
ROA Coverage in Asia
| Code | Region | IPv4 Valid | Valid % | IPv4 Invalid | Invalid % | IPv4 Unknown | Unknown % | IPv4 Total |
|---|---|---|---|---|---|---|---|---|
| BT | Bhutan, Southern Asia | 36,864 | 98.60% | 0 | 0.00% | 512 | 1.40% | 37,376 |
| NP | Nepal, Southern Asia | 568,064 | 98.50% | 0 | 0.00% | 8,448 | 1.50% | 576,512 |
| LB | Lebanon, Western Asia | 522,496 | 96.80% | 256 | 0.00% | 17,152 | 3.20% | 539,904 |
| IQ | Iraq, Western Asia | 700,160 | 95.60% | 2,816 | 0.40% | 29,440 | 4.00% | 732,416 |
| BD | Bangladesh, Southern Asia | 1,690,553 | 95.50% | 11,596 | 0.70% | 67,840 | 3.80% | 1,769,989 |
| … | | | | | | | | |
| KP | Democratic People's Republic of Korea, Eastern Asia | 512 | 28.60% | 0 | 0.00% | 1,280 | 71.40% | 1,792 |
| KZ | Kazakhstan, Central Asia | 400,639 | 12.40% | 1 | 0.00% | 2,823,936 | 87.60% | 3,224,576 |
| TJ | Tajikistan, Central Asia | 10,240 | 12.40% | 256 | 0.30% | 72,192 | 87.30% | 82,688 |
| CN | China, Eastern Asia | 6,642,723 | 2.20% | 441,821 | 0.10% | 293,069,122 | 97.60% | 300,153,666 |
| KR | Republic of Korea, Eastern Asia | 1,869,346 | 1.70% | 1,246 | 0.00% | 106,616,870 | 98.30% | 108,487,462 |
| XD | Asia | 317,547,608 | 38.40% | 3,244,556 | 0.40% | 507,154,555 | 61.30% | 827,946,719 |
Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
ROA Coverage in South-Eastern Asia
| Code | Region | IPv4 Valid | Valid % | IPv4 Invalid | Invalid % | IPv4 Unknown | Unknown % | IPv4 Total |
|---|---|---|---|---|---|---|---|---|
| LA | Lao People's Democratic Republic | 76,032 | 93.40% | 512 | 0.60% | 4,864 | 6.00% | 81,408 |
| PH | Philippines | 5,746,856 | 93.40% | 37,204 | 0.60% | 369,668 | 6.00% | 6,153,728 |
| KH | Cambodia | 393,211 | 90.70% | 2,565 | 0.60% | 37,632 | 8.70% | 433,408 |
| VN | Vietnam | 14,055,297 | 87.70% | 86,143 | 0.50% | 1,879,040 | 11.70% | 16,020,480 |
| MM | Myanmar | 175,872 | 87.60% | 3,072 | 1.50% | 21,760 | 10.80% | 200,704 |
| SG | Singapore | 9,214,823 | 76.10% | 124,856 | 1.00% | 2,761,407 | 22.80% | 12,101,086 |
| MY | Malaysia | 4,200,082 | 67.40% | 20,339 | 0.30% | 2,011,393 | 32.30% | 6,231,814 |
| TH | Thailand | 5,679,029 | 63.10% | 95,307 | 1.10% | 3,232,512 | 35.90% | 9,006,848 |
| TL | Timor-Leste | 9,216 | 53.70% | 256 | 1.50% | 7,680 | 44.80% | 17,152 |
| ID | Indonesia | 7,509,802 | 41.50% | 95,702 | 0.50% | 10,487,552 | 58.00% | 18,093,056 |
| BN | Brunei Darussalam | 57,088 | 38.90% | 0 | 0.00% | 89,856 | 61.10% | 146,944 |
| XU | South-Eastern Asia | 47,117,308 | 68.80% | 465,956 | 0.70% | 20,903,364 | 30.50% | 68,486,628 |
Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
ROA Coverage in Cambodia
Source: https://stats.labs.apnic.net/roa/KH (11 Oct 2023)
Currently (Oct 2023) 90.70% of Cambodia’s IPv4 addresses have VALID ROA.
Was 55.92% at the beginning of May 2022.
Online RPKI Sessions & Technical Assistance
• APNIC delivered monthly online RPKI sessions to targeted networks from June 2022 to January 2023.
• One-to-one technical assistance provided by APNIC’s Retained Community Trainer in Khmer.
Face-to-face RPKI Session
• In November 2022, ROA coverage significantly improved following APNIC’s face-to-face RPKI session in Phnom Penh.
• Thanks to the local community for your cooperation and support!
Common Issues after ROA Creation
• Invalid Origin AS
– Multiple origin ASes in Anycast scenario
• Solution: Create ROA for each and every origin AS
– Prefixes are originated by a different AS
• Solution: Create ROA with the actual origin AS
• Invalid Prefix Length
– Announcing /24s, but ROA covers only up to /23
• Solution: Set Max. Length of the ROA to “/24”
What’s Next after Having ROA?
• ROA is an authorisation that permits a specific AS to originate a specific prefix.
• ROAs are created for other networks to perform ROV.
• The authorisation is meaningless if no one validates it.
• All networks should eventually implement ROV.
Route Origin Validation (ROV)
• Should be done by all networks on the Internet:
– Setting up RPKI Validators
– Configuring Border Routers to validate received prefixes
• VALID
– ROA exists, both prefix length and origin AS match the record
• INVALID
– ROA exists, but prefix length and/or origin AS does not match the record
• UNKNOWN / NOT FOUND
– ROA does not exist
– Implementing routing policies based on validation state
• Prefer VALID over UNKNOWN over INVALID; or
• Drop INVALID
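The checks from the “Common Issues after ROA Creation” and “Route Origin Validation (ROV)” slides, as an added example that is not part of the original presentation: a small Python origin validator in the style of RFC 6811, plus the two routing policies listed above. The ROAs, the prefixes (private 10.0.0.0/8 space), the AS numbers (documentation range) and the LOCAL_PREF values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    origin_as: int
    max_length: int


def make_roa(prefix, origin_as, max_length=None):
    """Build a ROA; Max. Length defaults to the prefix's own length."""
    net = ipaddress.ip_network(prefix)
    max_length = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"Max. Length /{max_length} is out of range for {net}")
    return ROA(net, origin_as, max_length)


def validate(prefix, origin_as, roas):
    """Return (state, reason) for one received announcement."""
    route = ipaddress.ip_network(prefix)
    # A ROA "covers" the route when the route is equal to or inside its prefix.
    covering = [r for r in roas
                if r.prefix.version == route.version and route.subnet_of(r.prefix)]
    if not covering:
        return "UNKNOWN", "no ROA covers this prefix"
    same_origin = [r for r in covering if r.origin_as == origin_as]
    if any(route.prefixlen <= r.max_length for r in same_origin):
        return "VALID", "origin AS and prefix length match a ROA"
    if same_origin:
        longest = max(r.max_length for r in same_origin)
        return "INVALID", f"/{route.prefixlen} is longer than Max. Length /{longest}"
    permitted = sorted({r.origin_as for r in covering})
    return "INVALID", f"AS{origin_as} is not a permitted origin {permitted}"


# Constructed preference values: VALID over UNKNOWN over INVALID.
LOCAL_PREF = {"VALID": 200, "UNKNOWN": 100, "INVALID": 50}


def apply_policy(announcements, roas, drop_invalid=True):
    """Either drop INVALID routes or keep them with the lowest LOCAL_PREF."""
    accepted = []
    for prefix, origin_as in announcements:
        state, _ = validate(prefix, origin_as, roas)
        if state == "INVALID" and drop_invalid:
            continue
        accepted.append((prefix, origin_as, state, LOCAL_PREF[state]))
    return accepted


# Constructed ROA set showing both common issues from the slides.
ROAS_BEFORE = [
    make_roa("10.10.0.0/23", 64500),   # Max. Length /23, but /24s are announced
    make_roa("10.20.0.0/24", 64501),   # anycast prefix, only one origin signed
]
# The same resources after applying the solutions from the slides.
ROAS_AFTER = [
    make_roa("10.10.0.0/23", 64500, max_length=24),
    make_roa("10.20.0.0/24", 64501),
    make_roa("10.20.0.0/24", 64502),   # one ROA per anycast origin AS
]
# Constructed announcements as seen by a validating network.
ANNOUNCEMENTS = [
    ("10.10.0.0/24", 64500),
    ("10.10.1.0/24", 64500),
    ("10.20.0.0/24", 64501),
    ("10.20.0.0/24", 64502),
    ("10.10.1.0/24", 64510),   # more specific from an AS with no ROA
    ("10.30.0.0/24", 64503),   # address space with no ROA at all
]

if __name__ == "__main__":
    for label, roas in (("before", ROAS_BEFORE), ("after", ROAS_AFTER)):
        print(f"--- ROAs {label} the fixes ---")
        for prefix, origin_as in ANNOUNCEMENTS:
            state, reason = validate(prefix, origin_as, roas)
            print(f"{prefix:<15} AS{origin_as:<6} {state:<8} {reason}")
```

With the corrected ROA set, the resource holder's own /24s and both anycast origins become VALID, while the more specific announcement from the unauthorised AS stays INVALID and is dropped.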
ROV Adoption in Cambodia
| ASN | AS Name | RPKI Validates | Samples |
|---|---|---|---|
| 55636 | TPLC-KH TPLC Holding Ltd. | 98.88% | 179 |
| 17726 | CAMNET-AS Telecom Cambodia | 1.65% | 121 |
| 138606 | SUGAPTELTD-AS-AP Suga Pte. Ltd | 0.78% | 129 |
| 9902 | NEOCOMISP-KH-AP NEOCOMISP LIMITED, IPTX Transit and Network Service Provider in Cambodia. | 0.75% | 536 |
| 131207 | SINET-KH SINET, Cambodias specialist Internet and Telecom Service Provider. | 0.71% | 1,545 |
| 45498 | SMART-AXIATA-KH SMART AXIATA Co., Ltd. | 0.68% | 19,127 |
| 17976 | CAMGSM-CELLCARD-AS-AP CAMGSM Company Ltd | 0.59% | 6,480 |
| 58424 | XINWEITELECOM-KH # 3BEo, Sangkat Beoun Prolit, Khan 7Makara, Phnom Penh. | 0.55% | 182 |
| 38235 | MEKONGNET-ADC-AS-AP ANGKOR DATA COMMUNICATION | 0.40% | 2,725 |
| 38209 | CAMINTEL-AS CAMINTEL, National Telecommunication Provider, Phnom Penh, Cambodia | 0.39% | 259 |
| 38901 | EZECOM-AS-AP EZECOM limited | 0.20% | 1,961 |
| 131178 | EZECOM-AS-AP EZECOM limited | 0.20% | 4,055 |
| 23673 | ONLINE-AS Cogetel Online, Cambodia, ISP | 0.17% | 1,171 |
| 38623 | VIETTELCAMBODIA-AS-AP ISPIXP IN CAMBODIA WITH THE BEST VERVICE IN THERE. | 0.17% | 35,404 |
| 24492 | IIT-WICAM-AS-AP WiCAM Corporation Ltd. | 0.10% | 1,002 |
…
Source: https://stats.labs.apnic.net/rpki/KH (11 Oct 2023)
ROV Adoption in Cambodia
• Cambodia Network eXchange (CNX) is dropping INVALID prefixes and hosting public RPKI Validators.
Source: https://lg.sabay.com/routeservers/rs01/protocols/AS55329_1/routes (11 Oct 2023)
Major Networks Dropping INVALID
| ASN | Name | Source |
|---|---|---|
| 1221 | Telstra | https://lists.ausnog.net/pipermail/ausnog/2020-July/044367.html |
| 4637 | Telstra | https://www.zdnet.com/article/telstra-to-roll-out-rpki-routing-security-from-june-2020/ |
| 1239 | Sprint / T-Mobile | https://www.sprint.net/policies/bgp-aggregation-and-filtering |
| 1299 | Telia | https://www.teliacarrier.com/Our-Network/BGP-Routing/Routing-Security.html |
| 2497 | IIJ | https://www.iij.ad.jp/en/dev/iir/pdf/iir |
| 2914 | NTT | https://www.gin.ntt.net/support/policy/rr.cfm#RPKI |
| 3356 | Level3 | https://twitter.com/lumentechco/status/1374035675742412800 |
| 4826 | Vocus | https://blog.apnic.net/2021/05/13/vocus-rpki-implementation/ |
| 6939 | Hurricane Electric | https://mailman.nanog.org/pipermail/nanog/2020-June/108277.html |
| 7018 | AT&T | https://mailman.nanog.org/pipermail/nanog/2019-February/099501.html |
| 7922 | Comcast | https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network |
| 9002 | RETN | https://twitter.com/RETNnet/status/1333735456408793089 |
| 16509 | Amazon | https://aws.amazon.com/blogs/networking-and-content-delivery/how-aws-is-helping-to-secure-internet-routing/ |
| 37100 | Seacom | https://www.ripe.net/participate/mail/forum/routing-wg/PDZlMzAzMzhhLWVhOTAtNzIxOC1lMzI0LTBjZjMyOGI1Y2NkM0BzZWFjb20ubXU+ |
…
Source: https://taejoong.github.io/pubs/publications/li-2023-rov.pdf (11 Oct 2023)
Recommendations
• Create ROAs for all your prefixes.
– Origin AS and Max. Length must match actual BGP announcements
• Ensure ROAs are up-to-date upon sub-assignments
– Multiple ROAs with different Origin ASes for Anycast prefixes
– For networks using leased IPv4 address space, request your lease provider to create relevant ROAs
• Regardless of whether the address space is in the APNIC region
• Advise your customers and peers to sign their prefixes.
– Unlike Internet Routing Registry (IRR), ROA cannot be proxy-registered
• Monitor whether your network is announcing INVALID.
Recommendations
• Implement ROV in your network.
– Employ at least two RPKI Validators for redundancy
• Ensure consistency across all RPKI Validators
– Establish and secure RPKI-to-Router (RTR) sessions
– Update routing policies to support ROV
• Set LOCAL_PREF based on validation state, or drop INVALID (preferred)
• Use BGP Communities to propagate validation state (optional)
– For Internet Transit, receive full routing table and drop default route
Need Help?
ROV Implementation & Technical Discussions
APNIC Technical Assistance Platform
https://academy.apnic.net/technical-assistance
ROA Creation & General Enquiries
APNIC Help Centre
https://help.apnic.net/s
Training Resources
APNIC Academy
https://academy.apnic.net
Online Courses:
• RPKI Deployment
• RPKI Deployment Status: 2022 in Review
• Historical Resource Management and the Benefits of RPKI
• Hosted vs. Delegated RPKI
• Demystifying AS0
• How to set up Router/OS 7 and ROV
Virtual Labs:
• RPKI Lab with Routinator
• RPKI Lab with FORT
• RPKI Lab with RPKI-Prover
• RPKI Lab (Sandbox)
Questions & Answers
RPKI Status Updates

 
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...2.Cellular Networks_The final stage of connectivity is achieved by segmenting...
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 

KHNOG 5: RPKI Status Update

  • 1. v1.2 1 RPKI Status Updates Presented by: Makito Lay Phnom Penh, Cambodia | 22 October 2023 KHNOG 5 Conference
  • 2. Agenda
      • Internet Routing and BGP Hijack
      • What is RPKI?
      • ROA Coverage in Asia / South-Eastern Asia / Cambodia
      • Common Issues after ROA Creation
      • ROV Adoption in Cambodia
      • Recommendations
  • 3. Internet Routing
      Source: Screenshot taken from “3.5.3.4 Packet Tracer - Configure and Verify eBGP.pka” example from Connecting Networks Cisco Networking Academy course
  • 6. BGP Hijack
      • Announcing a more specific path.
      • Announcing an address space that is owned by someone else.
      Source: Williams, R. (2015). street signs being stolen [Image]. https://media.apnarm.net.au/media/images/2015/02/06/IQT_06-02-2015_NEWS_05_STOLENSIGNS1_t1880.jpg
  • 7. What is RPKI?
      • Resource Public Key Infrastructure.
      • For mitigating BGP route leaks and hijacks.
      • ROA and ROV are done cryptographically.
          – Resource holders use private key to sign authorisations
          – Other networks use public key to validate the signatures
      • Route Origin Validation (ROV): Other networks check whether the received prefixes are originated by the permitted AS
      • Route Origin Authorisation (ROA): Resource holders permit specific AS to originate their prefixes
  • 8. Route Origin Authorisation (ROA)
      • To be done by resource holder:
          – Creating ROA for prefixes belonging to own address space
              • Prefix
              • Origin AS
              • Max. Length
                  – Also known as “Most Specific Announcement (MSA)”
          – APNIC members can create ROA in MyAPNIC portal
              • APNIC Help Centre: ROA objects
                  – https://help.apnic.net/s/article/roa-objects
              • Route Management – Guide to manage your routes and (RPKI) ROA
                  – https://www.apnic.net/wp-content/uploads/2017/01/route-roa-management-guide.pdf
              • How to Create ROAs in MyAPNIC
                  – https://www.youtube.com/watch?v=NLG2siznuu4
  • 9. ROA Coverage in Asia
      Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
  • 10. ROA Coverage in Asia

      | Code | Region | IPv4 Valid | IPv4 Invalid | IPv4 Unknown | IPv4 Total |
      |------|--------|------------|--------------|--------------|------------|
      | BT | Bhutan, Southern Asia | 36,864 (98.60%) | 0 (0.00%) | 512 (1.40%) | 37,376 |
      | NP | Nepal, Southern Asia | 568,064 (98.50%) | 0 (0.00%) | 8,448 (1.50%) | 576,512 |
      | LB | Lebanon, Western Asia | 522,496 (96.80%) | 256 (0.00%) | 17,152 (3.20%) | 539,904 |
      | IQ | Iraq, Western Asia | 700,160 (95.60%) | 2,816 (0.40%) | 29,440 (4.00%) | 732,416 |
      | BD | Bangladesh, Southern Asia | 1,690,553 (95.50%) | 11,596 (0.70%) | 67,840 (3.80%) | 1,769,989 |
      | … | | | | | |
      | KP | Democratic People's Republic of Korea, Eastern Asia | 512 (28.60%) | 0 (0.00%) | 1,280 (71.40%) | 1,792 |
      | KZ | Kazakhstan, Central Asia | 400,639 (12.40%) | 1 (0.00%) | 2,823,936 (87.60%) | 3,224,576 |
      | TJ | Tajikistan, Central Asia | 10,240 (12.40%) | 256 (0.30%) | 72,192 (87.30%) | 82,688 |
      | CN | China, Eastern Asia | 6,642,723 (2.20%) | 441,821 (0.10%) | 293,069,122 (97.60%) | 300,153,666 |
      | KR | Republic of Korea, Eastern Asia | 1,869,346 (1.70%) | 1,246 (0.00%) | 106,616,870 (98.30%) | 108,487,462 |
      | XD | Asia | 317,547,608 (38.40%) | 3,244,556 (0.40%) | 507,154,555 (61.30%) | 827,946,719 |

      Source: https://stats.labs.apnic.net/roa/XD (11 Oct 2023)
  • 11. ROA Coverage in South-Eastern Asia
      Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
  • 12. ROA Coverage in South-Eastern Asia

      | Code | Region | IPv4 Valid | IPv4 Invalid | IPv4 Unknown | IPv4 Total |
      |------|--------|------------|--------------|--------------|------------|
      | LA | Lao People's Democratic Republic | 76,032 (93.40%) | 512 (0.60%) | 4,864 (6.00%) | 81,408 |
      | PH | Philippines | 5,746,856 (93.40%) | 37,204 (0.60%) | 369,668 (6.00%) | 6,153,728 |
      | KH | Cambodia | 393,211 (90.70%) | 2,565 (0.60%) | 37,632 (8.70%) | 433,408 |
      | VN | Vietnam | 14,055,297 (87.70%) | 86,143 (0.50%) | 1,879,040 (11.70%) | 16,020,480 |
      | MM | Myanmar | 175,872 (87.60%) | 3,072 (1.50%) | 21,760 (10.80%) | 200,704 |
      | SG | Singapore | 9,214,823 (76.10%) | 124,856 (1.00%) | 2,761,407 (22.80%) | 12,101,086 |
      | MY | Malaysia | 4,200,082 (67.40%) | 20,339 (0.30%) | 2,011,393 (32.30%) | 6,231,814 |
      | TH | Thailand | 5,679,029 (63.10%) | 95,307 (1.10%) | 3,232,512 (35.90%) | 9,006,848 |
      | TL | Timor-Leste | 9,216 (53.70%) | 256 (1.50%) | 7,680 (44.80%) | 17,152 |
      | ID | Indonesia | 7,509,802 (41.50%) | 95,702 (0.50%) | 10,487,552 (58.00%) | 18,093,056 |
      | BN | Brunei Darussalam | 57,088 (38.90%) | 0 (0.00%) | 89,856 (61.10%) | 146,944 |
      | XU | South-Eastern Asia | 47,117,308 (68.80%) | 465,956 (0.70%) | 20,903,364 (30.50%) | 68,486,628 |

      Source: https://stats.labs.apnic.net/roa/XU?o=v4tadpl1 (11 Oct 2023)
  • 13. ROA Coverage in Cambodia
      • Currently (Oct 2023) 90.70% of Cambodia’s IPv4 addresses have VALID ROA.
      • Was 55.92% at the beginning of May 2022.
      Source: https://stats.labs.apnic.net/roa/KH (11 Oct 2023)
  • 14. Online RPKI Sessions & Technical Assistance
      • APNIC delivered monthly online RPKI sessions to targeted networks from June 2022 to January 2023.
      • One-to-one technical assistance provided by APNIC’s Retained Community Trainer in Khmer.
  • 15. Face-to-face RPKI Session
      • In November 2022, ROA coverage significantly improved following APNIC’s face-to-face RPKI session in Phnom Penh.
      • Thanks to local community for your cooperation and support!
  • 16. Common Issues after ROA Creation
      • Invalid Origin AS
          – Multiple origin ASes in Anycast scenario
              • Solution: Create ROA for each and every origin AS
          – Prefixes are originated by a different AS
              • Solution: Create ROA with the actual origin AS
      • Invalid Prefix Length
          – Announcing /24s, but ROA covers only up to /23
              • Solution: Set Max. Length of the ROA to “/24”
  • 17. What’s Next after Having ROA?
      • ROA is an authorisation that permits a specific AS to originate a specific prefix.
      • ROAs are created for other networks to perform ROV.
      • The authorisation is meaningless if no one validates it.
      • All networks should eventually implement ROV.
  • 18. Route Origin Validation (ROV)
      • Should be done by all networks on the Internet:
          – Setting up RPKI Validators
          – Configuring Border Routers to validate received prefixes
              • VALID – ROA exists, and both prefix length and origin AS match the record
              • INVALID – ROA exists, but prefix length and/or origin AS do not match the record
              • UNKNOWN / NOT FOUND – ROA does not exist
          – Implementing routing policies based on validation state
              • Prefer VALID over UNKNOWN over INVALID; or
              • Drop INVALID
  • 19. ROV Adoption in Cambodia

      | ASN | AS Name | RPKI Validates | Samples |
      |-----|---------|----------------|---------|
      | 55636 | TPLC-KH TPLC Holding Ltd. | 98.88% | 179 |
      | 17726 | CAMNET-AS Telecom Cambodia | 1.65% | 121 |
      | 138606 | SUGAPTELTD-AS-AP Suga Pte. Ltd | 0.78% | 129 |
      | 9902 | NEOCOMISP-KH-AP NEOCOMISP LIMITED, IPTX Transit and Network Service Provider in Cambodia. | 0.75% | 536 |
      | 131207 | SINET-KH SINET, Cambodias specialist Internet and Telecom Service Provider. | 0.71% | 1,545 |
      | 45498 | SMART-AXIATA-KH SMART AXIATA Co., Ltd. | 0.68% | 19,127 |
      | 17976 | CAMGSM-CELLCARD-AS-AP CAMGSM Company Ltd | 0.59% | 6,480 |
      | 58424 | XINWEITELECOM-KH # 3BEo, Sangkat Beoun Prolit, Khan 7Makara, Phnom Penh. | 0.55% | 182 |
      | 38235 | MEKONGNET-ADC-AS-AP ANGKOR DATA COMMUNICATION | 0.40% | 2,725 |
      | 38209 | CAMINTEL-AS CAMINTEL, National Telecommunication Provider, Phnom Penh, Cambodia | 0.39% | 259 |
      | 38901 | EZECOM-AS-AP EZECOM limited | 0.20% | 1,961 |
      | 131178 | EZECOM-AS-AP EZECOM limited | 0.20% | 4,055 |
      | 23673 | ONLINE-AS Cogetel Online, Cambodia, ISP | 0.17% | 1,171 |
      | 38623 | VIETTELCAMBODIA-AS-AP ISPIXP IN CAMBODIA WITH THE BEST VERVICE IN THERE. | 0.17% | 35,404 |
      | 24492 | IIT-WICAM-AS-AP WiCAM Corporation Ltd. | 0.10% | 1,002 |
      | … | | | |

      Source: https://stats.labs.apnic.net/rpki/KH (11 Oct 2023)
  • 20. ROV Adoption in Cambodia
      • Cambodia Network eXchange (CNX) is dropping INVALID prefixes and hosting public RPKI Validators.
      Source: https://lg.sabay.com/routeservers/rs01/protocols/AS55329_1/routes (11 Oct 2023)
  • 21. Major Networks Dropping INVALID

      | ASN | Name | Source |
      |-----|------|--------|
      | 1221 | Telstra | https://lists.ausnog.net/pipermail/ausnog/2020-July/044367.html |
      | 4637 | Telstra | https://www.zdnet.com/article/telstra-to-roll-out-rpki-routing-security-from-june-2020/ |
      | 1239 | Sprint / T-Mobile | https://www.sprint.net/policies/bgp-aggregation-and-filtering |
      | 1299 | Telia | https://www.teliacarrier.com/Our-Network/BGP-Routing/Routing-Security.html |
      | 2497 | IIJ | https://www.iij.ad.jp/en/dev/iir/pdf/iir |
      | 2914 | NTT | https://www.gin.ntt.net/support/policy/rr.cfm#RPKI |
      | 3356 | Level3 | https://twitter.com/lumentechco/status/1374035675742412800 |
      | 4826 | Vocus | https://blog.apnic.net/2021/05/13/vocus-rpki-implementation/ |
      | 6939 | Hurricane Electric | https://mailman.nanog.org/pipermail/nanog/2020-June/108277.html |
      | 7018 | AT&T | https://mailman.nanog.org/pipermail/nanog/2019-February/099501.html |
      | 7922 | Comcast | https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network |
      | 9002 | RETN | https://twitter.com/RETNnet/status/1333735456408793089 |
      | 16509 | Amazon | https://aws.amazon.com/blogs/networking-and-content-delivery/how-aws-is-helping-to-secure-internet-routing/ |
      | 37100 | Seacom | https://www.ripe.net/participate/mail/forum/routing-wg/PDZlMzAzMzhhLWVhOTAtNzIxOC1lMzI0LTBjZjMyOGI1Y2NkM0BzZWFjb20ubXU+ |
      | … | | |

      Source: https://taejoong.github.io/pubs/publications/li-2023-rov.pdf (11 Oct 2023)
  • 22. Recommendations
      • Create ROAs for all your prefixes.
          – Origin AS and Max. Length must match actual BGP announcements
              • Ensure ROAs are up-to-date upon sub-assignments
          – Multiple ROAs with different Origin ASes for Anycast prefixes
          – For networks using leased IPv4 address space, request your lease provider to create relevant ROAs
              • Regardless of whether the address space is in APNIC region
      • Advise your customers and peers to sign their prefixes.
          – Unlike Internet Routing Registry (IRR), ROA cannot be proxy-registered
      • Monitor whether your network is announcing INVALID.
  • 23. Recommendations
      • Implement ROV in your network.
          – Employ at least two RPKI Validators for redundancy
              • Ensure consistency across all RPKI Validators
          – Establish and secure RPKI-to-Router (RTR) sessions
          – Update routing policies to support ROV
              • Set LOCAL_PREF based on validation state, or drop INVALID (preferred)
              • Use BGP Communities to propagate validation state (optional)
          – For Internet Transit, receive full routing table and drop default route
  • 24. Need Help?
      • ROV Implementation & Technical Discussions
          – APNIC Technical Assistance Platform
          – https://academy.apnic.net/technical-assistance
      • ROA Creation & General Enquiries
          – APNIC Help Centre
          – https://help.apnic.net/s
      • Training Resources
          – APNIC Academy
          – https://academy.apnic.net
      • Online Courses:
          – RPKI Deployment
          – RPKI Deployment Status: 2022 in Review
          – Historical Resource Management and the Benefits of RPKI
          – Hosted vs. Delegated RPKI
          – Demystifying AS0
          – How to set up Router/OS 7 and ROV
      • Virtual Labs:
          – RPKI Lab with Routinator
          – RPKI Lab with FORT
          – RPKI Lab with RPKI-Prover
          – RPKI Lab (Sandbox)
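
Added example (not from the slides): a minimal route origin validation check in Python that applies the VALID / INVALID / UNKNOWN rules from slide 18 to the two failure cases on slide 16, then maps the state to the routing policies the deck recommends. The ROAs, prefixes (benchmarking space 198.18.0.0/15), ASNs (documentation range) and LOCAL_PREF values are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str       # authorised prefix
    max_length: int   # longest announcement allowed ("Max. Length")
    origin_as: int    # AS permitted to originate the prefix

# Constructed sample ROAs showing both slide-16 mistakes.
ROAS = [
    ROA("198.18.0.0/23", 23, 64496),  # Max. Length stops at /23
    ROA("198.18.4.0/22", 24, 64497),  # anycast prefix, only one origin signed
]
# The same ROAs after applying the slide-16 solutions.
FIXED_ROAS = [
    ROA("198.18.0.0/23", 24, 64496),  # Max. Length raised to /24
    ROA("198.18.4.0/22", 24, 64497),
    ROA("198.18.4.0/22", 24, 64498),  # one ROA per anycast origin AS
]

def validate(roas, announced_prefix, origin_as):
    """Return (state, reason) for one received BGP announcement."""
    route = ipaddress.ip_network(announced_prefix)
    covering = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if net.version == route.version and route.subnet_of(net):
            covering.append(roa)
    if not covering:
        return "UNKNOWN", "no covering ROA"
    for roa in covering:
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "VALID", "matches ROA"
    if any(roa.origin_as == origin_as for roa in covering):
        return "INVALID", "invalid prefix length"
    return "INVALID", "invalid origin AS"

def policy(state, drop_invalid=True):
    """Return a LOCAL_PREF (assumed values), or None when the route is dropped."""
    if state == "INVALID" and drop_invalid:
        return None
    return {"VALID": 200, "UNKNOWN": 100, "INVALID": 50}[state]

if __name__ == "__main__":
    for prefix, asn in [("198.18.0.0/24", 64496), ("198.18.4.0/24", 64498),
                        ("203.0.113.0/24", 64496)]:
        before, after = validate(ROAS, prefix, asn), validate(FIXED_ROAS, prefix, asn)
        print(prefix, f"AS{asn}", before, "->", after, "local_pref:", policy(after[0]))
```

Running the same `validate()` over your own announcements is one way to act on the "monitor whether your network is announcing INVALID" recommendation before a network that drops INVALID does it for you.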