SlideShare a Scribd company logo
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
RPKI ROA updates
Anurag Bhatia,
Hurricane Electric (AS6939)
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Starts with tweet from my friend Awal
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Thoughts after looking at the tweet...
● Is Awal correct?
● How can I cross validate his claim?
● India has highest number of ASNs & IP prefixes in South Asia. Can that
impact these results?
● If true and nothing done more of this will show up!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Thoughts after looking at the tweet...
● Is Awal correct? <- Unfortunately he was correct
● How can I cross validate his claim? <- I actually did, more on this soon...
● India has highest number of ASNs & IP prefixes in South Asia. Can that impact
these results? <- That can reflect in absolute numbers but not in relative
percentage numbers
● If true and nothing done more of this will show up! <- No, and here I am to talk
about it! :-)
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Validating the claim that India was lacking
behind...
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
How to do RPKI validation of a country?
Find all prefixes originated by that country with origin ASNs and run
them against a validator. Simple right?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Challenges with RPKI validation at country level
1. How do you map prefixes to a given country? What should be the starting
point?
2. Running check sequentially against a RPKI validator is slow. When done for
thousands of prefixes it’s actually very slow.
3. How to store the output and track it over time?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Challenges Solutions with RPKI validation at country level
1. How do you map prefixes to a given country? What should be the starting
point? <- Instead of prefixes, start with ASN from RIR delegation file. And do
ASN -> Prefix mapping
2. Running check sequentially against a RPKI validator is slow. When done for
thousands of prefixes it’s actually very slow. <- Used rpki api binary from
Louis Poinsignon (Cloudflare) - https://github.com/lspgn/rpki-api
3. How to store the output and track it over time? <- Store data in a MySQL
database & analyse output using Grafana
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
More details on RPKI validator lookup
● RIPE RIS is used for raw data to map ASNs to prefixes.
● Data is formatted in csv & queries in a GraphQL format to RPKI API.
● Can scan entire global routing table in 3-4mins! (IN table takes a few seconds)
● Lookup is triggered using Ansible AWX instance. Gives cron like capability but with
notification & more.
● Fair amount of code was re-used which I put internally @work to keep an eye on our own
routing table as we were deploying RPKI validation across Hurricane Electric’s AS6939
backbone.
● Everything is containerized with Docker
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
If it takes a few seconds on IN, why not scan
entire South Asia?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Presenting rpki.anuragbhatia.com !!!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Asian stats from July 2020
Warning: 6 months old data!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Asian stats now!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Growth of RPKI Valids in Asia
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Bangladesh RPKI signed growth - absolute signed prefixes
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Bangladesh RPKI signed growth - % signed prefixes
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Indian RPKI invalids
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Bangladesh RPKI ROA public data
Public data specific to Bangladesh -
https://rpki.anuragbhatia.com/d/F2f3geu7k/bangladesh-rpki-public-data?orgId=1
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Some more details about Grafana
● Used it as frontend for this data. Essentially supports showing data in any
form like graphs, table, time data etc.
● Supports different set of data sources including InfluxDB, MySQL, and lot
more.
● Open source and free to use in self hosted format. Besides RPKI tool, also
used it on RIPE Atlas data export.
● Supports authentication to give restricted access as well as making data
available out in public without any authentication.
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates
Questions/Feedback/Suggestions?
Anurag Bhatia
anurag@he.net
he.net

More Related Content

Similar to RPKI ROA updates

Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
APNIC
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
Bangladesh Network Operators Group
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
MyNOG
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives
APNIC
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
Mikhail Asavkin
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TA
APNIC
 
VNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingVNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet Routing
APNIC
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the Philippines
APNIC
 
SGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesSGNOG2 - APNIC Updates
SGNOG2 - APNIC Updates
APNIC
 
AS15169 External Route Filtering
AS15169 External Route FilteringAS15169 External Route Filtering
AS15169 External Route Filtering
APNIC
 
LkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingLkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet Routing
APNIC
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet Routing
APNIC
 
mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing
APNIC
 
Real-time GraphQL in Angular app
Real-time GraphQL in Angular appReal-time GraphQL in Angular app
Real-time GraphQL in Angular app
Mikhail Asavkin
 

Similar to RPKI ROA updates (14)

Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TA
 
VNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingVNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet Routing
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the Philippines
 
SGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesSGNOG2 - APNIC Updates
SGNOG2 - APNIC Updates
 
AS15169 External Route Filtering
AS15169 External Route FilteringAS15169 External Route Filtering
AS15169 External Route Filtering
 
LkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingLkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet Routing
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet Routing
 
mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing
 
Real-time GraphQL in Angular app
Real-time GraphQL in Angular appReal-time GraphQL in Angular app
Real-time GraphQL in Angular app
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Bangladesh Network Operators Group
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Bangladesh Network Operators Group
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
Bangladesh Network Operators Group
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
Bangladesh Network Operators Group
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
Bangladesh Network Operators Group
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
Bangladesh Network Operators Group
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
Bangladesh Network Operators Group
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
Bangladesh Network Operators Group
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
Bangladesh Network Operators Group
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
Bangladesh Network Operators Group
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
Bangladesh Network Operators Group
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
Bangladesh Network Operators Group
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
Bangladesh Network Operators Group
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
Bangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
Bangladesh Network Operators Group
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
Bangladesh Network Operators Group
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
Bangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
 

Recently uploaded

Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

RPKI ROA updates

  • 1. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates RPKI ROA updates Anurag Bhatia, Hurricane Electric (AS6939)
  • 2. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Starts with tweet from my friend Awal
  • 3. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? ● How can I cross validate his claim? ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? ● If true and nothing done more of this will show up!
  • 4. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? <- Unfortunately he was correct ● How can I cross validate his claim? <- I actually did, more on this soon... ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? <- That can reflect in absolute numbers but not in relative percentage numbers ● If true and nothing done more of this will show up! <- No, and here I am to talk about it! :-)
  • 5. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Validating the claim that India was lacking behind...
  • 6. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates How to do RPKI validation of a country? Find all prefixes originated by that country with origin ASNs and run them against a validator. Simple right?
  • 7. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. 3. How to store the output and track it over time?
  • 8. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges Solutions with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? <- Instead of prefixes, start with ASN from RIR delegation file. And do ASN -> Prefix mapping 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. <- Used rpki api binary from Louis Poinsignon (Cloudflare) - https://github.com/lspgn/rpki-api 3. How to store the output and track it over time? <- Store data in a MySQL database & analyse output using Grafana
  • 9. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates More details on RPKI validator lookup ● RIPE RIS is used for raw data to map ASNs to prefixes. ● Data is formatted in csv & queries in a GraphQL format to RPKI API. ● Can scan entire global routing table in 3-4mins! (IN table takes a few seconds) ● Lookup is triggered using Ansible AWX instance. Gives cron like capability but with notification & more. ● Fair amount of code was re-used which I put internally @work to keep an eye on our own routing table as we were deploying RPKI validation across Hurricane Electric’s AS6939 backbone. ● Everything is containerized with Docker
  • 10. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates If it takes a few seconds on IN, why not scan entire South Asia?
  • 11. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Presenting rpki.anuragbhatia.com !!!
  • 12. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats from July 2020 Warning: 6 months old data!
  • 13. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats now!
  • 14. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Growth of RPKI Valids in Asia
  • 15. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - absolute signed prefixes
  • 16. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - % signed prefixes
  • 17. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Indian RPKI invalids
  • 18. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI ROA public data Public data specific to Bangladesh - https://rpki.anuragbhatia.com/d/F2f3geu7k/bangladesh-rpki-public-data?orgId=1
  • 19. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Some more details about Grafana ● Used it as frontend for this data. Essentially supports showing data in any form like graphs, table, time data etc. ● Supports different set of data sources including InfluxDB, MySQL, and lot more. ● Open source and free to use in self hosted format. Besides RPKI tool, also used it on RIPE Atlas data export. ● Supports authentication to give restricted access as well as making data available out in public without any authentication.
  • 20. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Questions/Feedback/Suggestions? Anurag Bhatia anurag@he.net he.net