APNIC, profile picture
Uploaded byAPNIC
506 views

RPKI Deployment Panel

This document summarizes a panel discussion on RPKI deployment. The panel discussed various RPKI deployment models including using public and local cache servers, deploying RPKI in IXPs and with route reflectors, and integrating RPKI with IRR systems. The panel also addressed common issues that can arise with RPKI such as customers claiming their prefixes are announced by other ASNs, addressing route leaks, and using RPKI information to mitigate DDoS attacks. Next steps discussed included improving internationalization support, providing feedback to developers, and launching an RPKI pilot service.

Embed presentation

Download to read offline
Copyright © 2015 Japan Network Information Center RPKI deployment panel
Copyright © 2015 Japan Network Information Center People • Geoff Huston (chair) • Fakrul Alam, bdHUB • A week with analysing RPKI status • Tomoya Yoshida, Internet Multifeed • Deployment factors and current status • Yoshinobu Matsuzaki, Internet Initiative Japan • RPKI deployment at ISP • Taiji Kimura, Japan Network Information Center • About JPNIC’s RPKI 1
Copyright © 2015 Japan Network Information Center RPKI Deployment Panel • Purpose • Gathering experienced operators voice • Discuss further RPKI deployment for useful mechanism 2
Copyright © 2015 Japan Network Information Center Discussions
Copyright © 2015 Japan Network Information Center Deployment model Public cache server / local cache server 4
Copyright © 2015 Japan Network Information Center Deployment model RPKI in IXP and Route reflector 5
Copyright © 2015 Japan Network Information Center Deployment model RPKI and IRR 6
Copyright © 2015 Japan Network Information Center HOWTO Configuring RPKI cache and Building own RPKI CA 7
Copyright © 2015 Japan Network Information Center What do you do when…
Copyright © 2015 Japan Network Information Center (Customer AS) • Customer claims their prefix has been announced from other AS! 9
Copyright © 2015 Japan Network Information Center (Own prefix) • You found your prefix has no reachability from other region. What do you do? 10
Copyright © 2015 Japan Network Information Center (Customer AS) • Customer claims their prefix has been announced from other AS! What do you do? 11
Copyright © 2015 Japan Network Information Center (DDoS mitigation) • DDoS packets are coming! You found if other AS announces specific announce. 12
Copyright © 2015 Japan Network Information Center JPNIC’s RPKI Taiji Kimura
Copyright © 2015 Japan Network Information Center Issues on RPKI deployment in Japan • Deployment for operators • How RPKI is use for people - BGP operators • Language 14
Copyright © 2015 Japan Network Information Center Developing items and technical specifications • Internationalization • Database • Authentication • Redundancy and easy maintenance • Server security • Key management and PKI operation 15
Copyright © 2015 Japan Network Information Center Internationalization 16
Copyright © 2015 Japan Network Information Center Further step • Multi-language support • Feedbacks for developer 17
Copyright © 2015 Japan Network Information Center It is time to release. RPKI pilot service

More Related Content

PPTX
Kibana globalization at the RTP meetup
byShikha Srivastava
 
PDF
btNOG 8: IP technology adoption in Bhutan
byAPNIC
 
PDF
IPv6 Support at D-link CEs
byAPNIC
 
PPT
The Story Behind RIPE-501 and RIPE-554 - Requirements for IPv6 in ICT Equipment
byDeploy360 Programme (Internet Society)
 
PDF
OPNFV Webinar – No Time to Wait: Accelerating NFV Time to Market Through Open...
byOpen Networking Summits
 
PDF
Peering Asia 2021v: Little-known IXPs in Asia Pacific
byAPNIC
 
PDF
OSGi Community Event 2010 - A Crash Course in OSGi Application Development
bymfrancis
 
PPTX
IBM Innovate 2011 Conference
byShawn Doyle
 
Kibana globalization at the RTP meetup
byShikha Srivastava
 
btNOG 8: IP technology adoption in Bhutan
byAPNIC
 
IPv6 Support at D-link CEs
byAPNIC
 
The Story Behind RIPE-501 and RIPE-554 - Requirements for IPv6 in ICT Equipment
byDeploy360 Programme (Internet Society)
 
OPNFV Webinar – No Time to Wait: Accelerating NFV Time to Market Through Open...
byOpen Networking Summits
 
Peering Asia 2021v: Little-known IXPs in Asia Pacific
byAPNIC
 
OSGi Community Event 2010 - A Crash Course in OSGi Application Development
bymfrancis
 
IBM Innovate 2011 Conference
byShawn Doyle
 

What's hot

PPT
The April Agent Platform
byLuigi Ceccaroni
 
PDF
Learnings from Carrier SDN Deployments
byOpen Networking Summits
 
PDF
Should I run my own RPKI Certificate Authority?
byAPNIC
 
PPTX
Integrating NiFi and Flink
byBryan Bende
 
PDF
IPv6 at 6connect, PTC17
byAPNIC
 
PDF
APNIC's Resource Certification Service
byAPNIC
 
PPT
Myanmar Member Gathering
byAPNIC
 
PDF
34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper...
byIndonesia Network Operators Group
 
PDF
Route Origin Authorization (ROA) using RPKI
byAPNIC
 
PDF
WebRTC Audio Codec: Opus and processing requirements
byTsahi Levent-levi
 
PDF
Intelligently collecting data at the edge—intro to Apache MiNiFi
byDataWorks Summit
 
The April Agent Platform
byLuigi Ceccaroni
 
Learnings from Carrier SDN Deployments
byOpen Networking Summits
 
Should I run my own RPKI Certificate Authority?
byAPNIC
 
Integrating NiFi and Flink
byBryan Bende
 
IPv6 at 6connect, PTC17
byAPNIC
 
APNIC's Resource Certification Service
byAPNIC
 
Myanmar Member Gathering
byAPNIC
 
34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper...
byIndonesia Network Operators Group
 
Route Origin Authorization (ROA) using RPKI
byAPNIC
 
WebRTC Audio Codec: Opus and processing requirements
byTsahi Levent-levi
 
Intelligently collecting data at the edge—intro to Apache MiNiFi
byDataWorks Summit
 

Viewers also liked

PDF
Cyber Security 4.0 conference 30 November 2016
byInfinIT - Innovationsnetværket for it
 
PDF
Route Hijaking and the role of RPKI
byAPNIC
 
PDF
RPKI Trust Anchor
byAPNIC
 
PDF
Brett Lewis - Secure Transmission of Data on Metro Ethernet Networks
by1velocity
 
PDF
RPKI (Resource Public Key Infrastructure)
byFakrul Alam
 
PPTX
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
byPositive Hack Days
 
PDF
Symantec 2010 Critical Infrastructure Protection Study
bySymantec
 
PDF
Securing Internet Routing: RPSL & RPKI
byAPNIC
 
PPT
Missile Technology
byAshwin Baindur
 
Cyber Security 4.0 conference 30 November 2016
byInfinIT - Innovationsnetværket for it
 
Route Hijaking and the role of RPKI
byAPNIC
 
RPKI Trust Anchor
byAPNIC
 
Brett Lewis - Secure Transmission of Data on Metro Ethernet Networks
by1velocity
 
RPKI (Resource Public Key Infrastructure)
byFakrul Alam
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
byPositive Hack Days
 
Symantec 2010 Critical Infrastructure Protection Study
bySymantec
 
Securing Internet Routing: RPSL & RPKI
byAPNIC
 
Missile Technology
byAshwin Baindur
 

Similar to RPKI Deployment Panel

PDF
RPKI Tutorial and Hands-On
byAPNIC
 
PDF
RPKI - 5W2H [APRICOT 2015]
byAPNIC
 
PDF
JPNIC Update
byAPNIC
 
PDF
Deployment factors and Current status
byAPNIC
 
PPTX
JPNIC Update, by Izumi Okutani, Taiji Kimura [APNIC 38 / NIR SIG]
byAPNIC
 
PDF
Introduction to RPKI - MyNOG
bySiena Perry
 
PDF
Introduction to RPKI by Sheryl (Shane) Hermoso
byMyNOG
 
PDF
RPKI and Me
byMyNOG
 
PDF
Secure Inter-domain Routing with RPKI
byAPNIC
 
PDF
Resource Public Key Infrastructure (RPKI)
byBangladesh Network Operators Group
 
PDF
JPNIC Update by Akira Shibuya [APRICOT 2015]
byAPNIC
 
PDF
JPNIC Update
byAPNIC
 
PPTX
APNIC Update: ARIN 37
byBhadrika Magan
 
PPTX
APNIC Update: ARIN 37
byAPNIC
 
PDF
IDNOG 7: IPv6, RPKI Report and NMM
byAPNIC
 
PDF
JPNIC Updates
byAPNIC
 
PDF
RPKI Overview, Case Studies, Deployment and Operations
byAPNIC
 
PDF
Improving the peering business case with RPKI
byAPNIC
 
PPTX
Whois - Addressing the Asia Pacifc
byAPNIC
 
PPTX
HKNOG 7.0: RPKI - it's time to start deploying it
byAPNIC
 
RPKI Tutorial and Hands-On
byAPNIC
 
RPKI - 5W2H [APRICOT 2015]
byAPNIC
 
JPNIC Update
byAPNIC
 
Deployment factors and Current status
byAPNIC
 
JPNIC Update, by Izumi Okutani, Taiji Kimura [APNIC 38 / NIR SIG]
byAPNIC
 
Introduction to RPKI - MyNOG
bySiena Perry
 
Introduction to RPKI by Sheryl (Shane) Hermoso
byMyNOG
 
RPKI and Me
byMyNOG
 
Secure Inter-domain Routing with RPKI
byAPNIC
 
Resource Public Key Infrastructure (RPKI)
byBangladesh Network Operators Group
 
JPNIC Update by Akira Shibuya [APRICOT 2015]
byAPNIC
 
JPNIC Update
byAPNIC
 
APNIC Update: ARIN 37
byBhadrika Magan
 
APNIC Update: ARIN 37
byAPNIC
 
IDNOG 7: IPv6, RPKI Report and NMM
byAPNIC
 
JPNIC Updates
byAPNIC
 
RPKI Overview, Case Studies, Deployment and Operations
byAPNIC
 
Improving the peering business case with RPKI
byAPNIC
 
Whois - Addressing the Asia Pacifc
byAPNIC
 
HKNOG 7.0: RPKI - it's time to start deploying it
byAPNIC
 

More from APNIC

PPTX
APNIC Report, presented at APAN 60 by Thy Boskovic
byAPNIC
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
byAPNIC
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
byAPNIC
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
byAPNIC
 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
byAPNIC
 
PDF
DNSSEC Made Easy, presented at PHNOG 2025
byAPNIC
 
PDF
BGP Security Best Practices that Matter, presented at PHNOG 2025
byAPNIC
 
PDF
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
byAPNIC
 
PDF
IPv6 Deployment and Best Practices, presented by Makito Lay
byAPNIC
 
PDF
Cleaning up your RPKI invalids, presented at PacNOG 35
byAPNIC
 
PDF
The Internet - By the numbers, presented at npNOG 11
byAPNIC
 
PDF
Transmission Control Protocol (TCP) and Starlink
byAPNIC
 
PDF
DDoS in India, presented at INNOG 8 by Dave Phelan
byAPNIC
 
PDF
Global Networking Trends, presented at the India ISP Conclave 2025
byAPNIC
 
PDF
Make DDoS expensive for the threat actors
byAPNIC
 
PDF
Fast Reroute in SR-MPLS, presented at bdNOG 19
byAPNIC
 
PDF
DDos Mitigation Strategie, presented at bdNOG 19
byAPNIC
 
PDF
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
byAPNIC
 
PDF
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
byAPNIC
 
PDF
Measuring Starlink Protocol Performance, presented at LACNIC 43
byAPNIC
 
APNIC Report, presented at APAN 60 by Thy Boskovic
byAPNIC
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
byAPNIC
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
byAPNIC
 
The Internet -By the Numbers, Sri Lanka Edition
byAPNIC
 
Triggering QUIC, presented by Geoff Huston at IETF 123
byAPNIC
 
DNSSEC Made Easy, presented at PHNOG 2025
byAPNIC
 
BGP Security Best Practices that Matter, presented at PHNOG 2025
byAPNIC
 
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
byAPNIC
 
IPv6 Deployment and Best Practices, presented by Makito Lay
byAPNIC
 
Cleaning up your RPKI invalids, presented at PacNOG 35
byAPNIC
 
The Internet - By the numbers, presented at npNOG 11
byAPNIC
 
Transmission Control Protocol (TCP) and Starlink
byAPNIC
 
DDoS in India, presented at INNOG 8 by Dave Phelan
byAPNIC
 
Global Networking Trends, presented at the India ISP Conclave 2025
byAPNIC
 
Make DDoS expensive for the threat actors
byAPNIC
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
byAPNIC
 
DDos Mitigation Strategie, presented at bdNOG 19
byAPNIC
 
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
byAPNIC
 
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
byAPNIC
 
Measuring Starlink Protocol Performance, presented at LACNIC 43
byAPNIC
 

RPKI Deployment Panel

  • 1.
    Copyright © 2015Japan Network Information Center RPKI deployment panel
  • 2.
    Copyright © 2015Japan Network Information Center People • Geoff Huston (chair) • Fakrul Alam, bdHUB • A week with analysing RPKI status • Tomoya Yoshida, Internet Multifeed • Deployment factors and current status • Yoshinobu Matsuzaki, Internet Initiative Japan • RPKI deployment at ISP • Taiji Kimura, Japan Network Information Center • About JPNIC’s RPKI 1
  • 3.
    Copyright © 2015Japan Network Information Center RPKI Deployment Panel • Purpose • Gathering experienced operators voice • Discuss further RPKI deployment for useful mechanism 2
  • 4.
    Copyright © 2015Japan Network Information Center Discussions
  • 5.
    Copyright © 2015Japan Network Information Center Deployment model Public cache server / local cache server 4
  • 6.
    Copyright © 2015Japan Network Information Center Deployment model RPKI in IXP and Route reflector 5
  • 7.
    Copyright © 2015Japan Network Information Center Deployment model RPKI and IRR 6
  • 8.
    Copyright © 2015Japan Network Information Center HOWTO Configuring RPKI cache and Building own RPKI CA 7
  • 9.
    Copyright © 2015Japan Network Information Center What do you do when…
  • 10.
    Copyright © 2015Japan Network Information Center (Customer AS) • Customer claims their prefix has been announced from other AS! 9
  • 11.
    Copyright © 2015Japan Network Information Center (Own prefix) • You found your prefix has no reachability from other region. What do you do? 10
  • 12.
    Copyright © 2015Japan Network Information Center (Customer AS) • Customer claims their prefix has been announced from other AS! What do you do? 11
  • 13.
    Copyright © 2015Japan Network Information Center (DDoS mitigation) • DDoS packets are coming! You found if other AS announces specific announce. 12
  • 14.
    Copyright © 2015Japan Network Information Center JPNIC’s RPKI Taiji Kimura
  • 15.
    Copyright © 2015Japan Network Information Center Issues on RPKI deployment in Japan • Deployment for operators • How RPKI is use for people - BGP operators • Language 14
  • 16.
    Copyright © 2015Japan Network Information Center Developing items and technical specifications • Internationalization • Database • Authentication • Redundancy and easy maintenance • Server security • Key management and PKI operation 15
  • 17.
    Copyright © 2015Japan Network Information Center Internationalization 16
  • 18.
    Copyright © 2015Japan Network Information Center Further step • Multi-language support • Feedbacks for developer 17
  • 19.
    Copyright © 2015Japan Network Information Center It is time to release. RPKI pilot service