Copyright © 2015 Japan Network Information Center
RPKI Tutorial and hands-on
Contents
• RPKI basics
• RPKI hands-on
RPKI basics
• What is RPKI?
• Why? and how much?
• How it works?
What is RPKI?
RPKI
RPKI (Resource PKI)
Resource Public-Key Infrastructure
Why infrastructure?
Public-Key?
Resource?
PKI?
Resource Certificate
Resource Certificate
What is different from SSL/TLS certificates?
Resources?
Resource certificate
Resource certificate = digital certificate which certifies allocation/assignment of number resources
[Figure: Registry or resource allocator; Resource holder; Resource certificate]
Contents in resource certificates
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D5BBADA3
        Validity
            Not Before: Apr 15 10:24:39 2014 GMT
            Not After : Apr 14 10:24:39 2019 GMT
        Subject: CN=D5BBADA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                18:CE:ED:52:F0:99:02:8A:58:3C:F1:7B:53:71:0E:1F:5D:37:4F:8D
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Subject Information Access:
                CA Repository - URI:rsync://rpki01.nic.ad.jp/repository/
                1.3.6.1.5.5.7.48.10 - URI:rsync://rpki01.nic.ad.jp/repository/jpnic-ta-03.mft
            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  0-4294967295
            sbgp-ipAddrBlock: critical
                IPv4:
                  0.0.0.0/0
                IPv6:
                  ::/0
Registries and resource certificate
• In Internet registries (RIR or NIR ...)
WHOIS database
↓
Allocation/assignment data
(IP address and AS number)
↓
Digital certificate with Allocation/assignment
data = Resource certificate
Registry tree and resource certificate
RIR: Regional Internet Registry
NIR: National Internet Registry
LIR: Local Internet Registry
[Figure: registry tree with ICANN/IANA at the top, the RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC), NIRs, ISPs and the user network below; labels: Allocation, Assignment, IP address, WHOIS Database, Resource certificate]
Tree structure
[Figure: registry tree with ICANN/IANA, the RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC), NIRs, ISP, User net and AS65535]
Issuer: (APNIC)  Subject: (JPNIC)  IPaddr: 192.0.0.0/8
Issuer: (JPNIC)  Subject: (ISP)  IPaddr: 192.168.0.0/16
Issuer: (ISP)  Subject: (User net)  IPaddr: 192.168.64.0/22
ROA – Route Origination Authorization (digital signature by User net)
- means route announcing authorization from AS65535 on 192.168.64.0/24
Why? and how much?
YouTube mis-origin route
YouTube Hijacking: A RIPE NCC RIS case study, 17 Mar 2008, RIPE NCC,
http://www.ripe.net/internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study
BitCoin mining pool
BGP Hijacking for Cryptocurrency Profit, 7 August 2014
Pat Litke and Joe Stewart, Dell SecureWorks Counter Threat Unit
http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
Motivation to the infrastructure
• To find misused IP addresses in routers
• Internet registries, which have databases on IP addresses, can certify allocations/assignments.
• Internet reachability is becoming a serious matter for Web services.
Fee
• No additional fee is charged for resource certification at the RIRs (and JPNIC).
• To use origin validation, capable routers and an “RPKI cache server” are needed.
• Free to ‘watch’ what is happening in the world…
How it works?
Unintended use of IP address
• Configuring an IP address which is allocated to another network
[Figure: AS1, AS2 and AS3 with prefixes 192.168.100.0/24, 192.168.150.0/24 and 192.168.100.0/24, and question marks on the routes]
Route Origin Authorization
• Authorization from an IP address holder to an AS to use the allocated IP address prefix.
• A ROA is useful for checking whether BGP routing information is the intended one or mis-originated.
• A ROA has an IP address prefix and an AS number, with a digital signature made with the address holder’s key.
Origin Validation
[Figure: AS1, AS2 and AS3 with prefixes 192.168.100.0/24, 192.168.150.0/24 and 192.168.100.0/24, two ROAs (Route Origin Authorization) and exclamation marks on the routes]
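The check a router applies to each BGP announcement, once the cache has validated the ROAs, can be sketched as follows. This is an added example, not from the original slides: it follows the valid / invalid / not-found states of RFC 6811, and the maxLength field (part of the ROA format but not shown on the slides), the assignment of the two ROAs to AS1 and AS2, and all helper names are assumptions.

```python
"""Route origin validation in the style of RFC 6811 (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: the (prefix, maxLength, AS) tuple a cache gives a router."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def vrp(prefix: str, asn: int, max_length: int | None = None) -> VRP:
    """Build a VRP; maxLength defaults to the ROA prefix length (no more-specifics)."""
    net = ipaddress.ip_network(prefix)
    length = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= length <= net.max_prefixlen:
        raise ValueError(f"maxLength {length} out of range for {net}")
    return VRP(net, length, asn)


def validate_origin(route_prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    covered : some VRP prefix contains the announced prefix
    matched : a covering VRP also has the same AS and allows this prefix length
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue  # this VRP says nothing about the announced prefix
        covered = True
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    # Covered but never matched: wrong origin AS or too specific a prefix.
    return "invalid" if covered else "not-found"


def classify(announcements, vrps):
    """Validate a batch of (prefix, origin AS) pairs."""
    return {(p, a): validate_origin(p, a, vrps) for p, a in announcements}


# Constructed sample data based on the prefixes and AS numbers on the slides.
# Assumption: AS1 and AS2 are the authorized origins, AS3 is mis-originating.
VRPS = [
    vrp("192.168.100.0/24", 1),
    vrp("192.168.150.0/24", 2),
    vrp("192.168.64.0/24", 65535),  # the ROA from the "Tree structure" slide
]

ANNOUNCEMENTS = [
    ("192.168.100.0/24", 1),    # holder's own announcement
    ("192.168.150.0/24", 2),
    ("192.168.100.0/24", 3),    # same prefix, unauthorized origin AS
    ("192.168.100.128/25", 1),  # right AS, but longer than maxLength
    ("192.168.0.0/16", 3),      # less specific than any ROA: not covered
    ("192.168.64.0/24", 65535),
]

if __name__ == "__main__":
    for (prefix, asn), state in classify(ANNOUNCEMENTS, VRPS).items():
        print(f"{prefix:<20} AS{asn:<6} {state}")
```

A not-found result only means that no ROA covers the prefix; what the router does with each state is local policy.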
Trust anchor and validation
[Figure: the RPKI (validation) cache server starts from the trust anchor locator (.tal file), which holds a URL, and follows Subject Information Access (SIA) URIs through Repository A, Repository B and Repository C in steps (1), (2), (3); objects shown: 192.0.0.0/8, 192.168.0.0/16, 192.168.64.0/22, ROA (192.168.64.0/24)]
Trust anchor locator (TAL) is used to specify your trust anchor
Issuers’ certificates have a wider range of resources
Some updates
World Wide
http://en.wikipedia.org/wiki/File:Regional_Internet_Registries_world_map.svg
Number of resource certificates
http://certification-stats.ripe.net/
RIPE region
Number of ROAs
http://certification-stats.ripe.net/
RIPE Region
What is going on in the world?
• The RIPE region has many more ROAs and resource certificates
– The experimental Web site for RPKI launched by RIPE NCC brought good discussions in the RIPE meeting
• The LACNIC region saw an increase in 2012
– LACNIC XVIII, Nov. 2012
– Email notification sent to all ISPs in the LACNIC region
– Over 90% covering certificates are issued in Ecuador.
Visualizing tools
・ RPKI Origin Validation Looking Glass
http://www.labs.lacnic.net/rpkitools/looking_glass/
Summary
• RPKI (Resource Public-Key Infrastructure)
– A resource certificate certifies the allocation/assignment of IP addresses and AS numbers
– BGPSEC, a security mechanism for BGP routing, is being implemented
• World Wide
– Resource certificates and ROAs are issued by all 5 RIRs. The number of resource certificates is increasing continuously.
What’s up in Japan
• JANOG RPKI routing WG
– RPKI tutorials by Randy
– RPKI hackathon
• Technical seminar
• Inviting Oliver Borchert (NIST)
• MULTIFEED (June 2014)
• RPKI Public RPKI cache server
• With MULTIFEED (Oct 2014)
RPKI Hackathon
[Figure: Attendees, JPNIC, Resource Cert. and ROA, RPKI cache, validated prefix, BGP Router, Today’s special]
RPKI Hands-on
Hands-on agenda
1. Resource certificates and ROA management
• APNIC
• JPNIC
2. RPKI BGP Hands-on (basics)
3. (Use of MyAPNIC)
Magic exist by Marta Loveguard - presentation.pptx
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 

RPKI Tutorial and Hands-On Guide for Network Security

  • 1. Copyright © 2015 Japan Network Information Center RPKI Tutorial and hands-on
  • 2. Contents • RPKI basics • RPKI hands-on
  • 3. RPKI basics • What is RPKI? • Why? and how much? • How it works?
  • 4. What is RPKI?
  • 5. RPKI: RPKI (Resource PKI) = Resource Public-Key Infrastructure. Why infrastructure? Public-Key? Resource? PKI?
  • 6. Resource Certificate: What is different from SSL/TLS certificates? Resources?
  • 7. Resource certificate: Resource certificate = digital certificate which certifies allocation/assignment of number resources. Diagram labels: Registry or resource allocator; Resource holder; Resource certificate
  • 8. Contents in resource certificates
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number: 1 (0x1)
              Signature Algorithm: sha256WithRSAEncryption
              Issuer: CN=D5BBADA3
              Validity
                  Not Before: Apr 15 10:24:39 2014 GMT
                  Not After : Apr 14 10:24:39 2019 GMT
              Subject: CN=D5BBADA3
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (2048 bit)
              X509v3 extensions:
                  X509v3 Basic Constraints: critical
                      CA:TRUE
                  X509v3 Subject Key Identifier:
                      18:CE:ED:52:F0:99:02:8A:58:3C:F1:7B:53:71:0E:1F:5D:37:4F:8D
                  X509v3 Key Usage: critical
                      Certificate Sign, CRL Sign
                  Subject Information Access:
                      CA Repository - URI:rsync://rpki01.nic.ad.jp/repository/
                      1.3.6.1.5.5.7.48.10 - URI:rsync://rpki01.nic.ad.jp/repository/jpnic-ta-03.mft
                  sbgp-autonomousSysNum: critical
                      Autonomous System Numbers:
                        0-4294967295
                  sbgp-ipAddrBlock: critical
                      IPv4:
                        0.0.0.0/0
                      IPv6:
                        ::/0
  • 9. Registries and resource certificate • In Internet registries (RIR or NIR ..): WHOIS database ↓ Allocation/assignment data (IP address and AS number) ↓ Digital certificate with allocation/assignment data = Resource certificate
  • 10. Registry tree and resource certificate. Diagram labels: ICANN/IANA; RIR: Regional Internet Registry (RIPE NCC, AfriNIC, APNIC, ARIN, LACNIC); NIR: National Internet Registry (NIRs); LIR: Local Internet Registry (ISPs); User network; Allocation; Assignment; WHOIS Database; IP address; Resource certificate
  • 11. Tree structure. Diagram labels: ICANN/IANA; RIPE NCC, AfriNIC, APNIC, ARIN, LACNIC; NIRs; ISP; User net. Certificates: Issuer: (APNIC), Subject: (JPNIC), IPaddr: 192.0.0.0/8; Issuer: (JPNIC), Subject: (ISP), IPaddr: 192.168.0.0/16; Issuer: (ISP), Subject: (User net), IPaddr: 192.168.64.0/22. ROA – Route Origination Authorization (digital signature by User net): authorizes announcing the route 192.168.64.0/24 from AS65535
  • 12. Why? and how much?
  • 13. YouTube mis-origin route: YouTube Hijacking: A RIPE NCC RIS case study, 17 Mar 2008, RIPE NCC, http://www.ripe.net/internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study
  • 14. BitCoin mining pool: BGP Hijacking for Cryptocurrency Profit, 7 August 2014, Pat Litke and Joe Stewart, Dell SecureWorks Counter Threat Unit, http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
  • 15. Motivation for the infrastructure • To find misused IP addresses in routers • Internet registries, which hold the databases on IP addresses, can certify allocations/assignments. • Internet reachability is becoming a serious matter for Web services.
  • 16. Fee • There is no additional fee for resource certification at the RIRs (and JPNIC). • To use origin validation, capable routers and an “RPKI cache server” are needed. • It is free to ‘watch’ what is happening in the world…
  • 17. How it works?
  • 18. Unintended use of IP address • Configuring an IP address which is allocated to another network. Diagram labels: AS1, AS2, AS3; 192.168.100.0/24, 192.168.150.0/24, 192.168.100.0/24; two “?” marks
  • 19. Route Origin Authorization • An authorization from an IP address holder to an AS to use the allocated IP address prefix. • A ROA is useful for checking whether BGP routing information is the intended one or mis-originated. • A ROA has an IP address prefix and an AS number, with a digital signature made by the address holder’s key.
  • 20. Origin Validation. Diagram labels: AS1, AS2, AS3; 192.168.100.0/24, 192.168.150.0/24, 192.168.100.0/24; two ROAs (Route Origin Authorization); two “!” marks
  • 21. Trust anchor and validation (Subject Information Access). Diagram labels: RPKI (validation) cache server; Trust anchor locator (.tal file) with URL; Repository A, Repository B, Repository C; steps (1), (2), (3); certificates for 192.0.0.0/8, 192.168.0.0/16 with SIA (URI), 192.168.64.0/22 with SIA (URI); ROA (192.168.64.0/24) with SIA (URI). Notes: the trust anchor locator (TAL) is used to specify your trust anchor; the issuer’s certificate has a wider range of resources
  • 22. Some updates
  • 23. World Wide: http://en.wikipedia.org/wiki/File:Regional_Internet_Registries_world_map.svg
  • 24. Number of resource certificates (RIPE region): http://certification-stats.ripe.net/
  • 25. Number of ROAs (RIPE region): http://certification-stats.ripe.net/
  • 26. What is going on in the world? • The RIPE region has many more ROAs and resource certificates – RIPE NCC launched an experimental Web site for RPKI, which brought good discussions at the RIPE meeting • The LACNIC region saw an increase in 2012 – LACNIC XVIII Nov. 2012 – E-mail notification to all ISPs in the LACNIC region – Over 90% covering certificates are issued in Ecuador.
  • 27. Visualizing tools • RPKI Origin Validation Looking Glass http://www.labs.lacnic.net/rpkitools/looking_glass/
  • 28. Summary • RPKI (Resource Public-Key Infrastructure) – A resource certificate certifies the allocation/assignment of IP addresses and AS numbers – BGPSEC, a security mechanism for BGP routing, is being implemented • World Wide – Resource certificates and ROAs are issued by all 5 RIRs. The number of resource certificates is increasing continuously.
  • 29. What’s up in Japan • JANOG RPKI routing WG – RPKI tutorials by Randy – RPKI hackathon • Technical seminar • Inviting Oliver Borchert (NIST) • MULTIFEED (June 2014) • RPKI Public RPKI cache server • With MULTIFEED (Oct 2014)
  • 30. RPKI Hackathon. Diagram labels: Attendees; JPNIC; Click; Resource Cert. and ROA; RPKI cache; validated prefix; BGP Router; Today’s special
  • 31. RPKI Hands-on
  • 32. Hands-on agenda 1. Resource certificates and ROA management • APNIC • JPNIC 2. RPKI BGP Hands-on (basics) 3. (Use of MyAPNIC)
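
Added example (not part of the original slides): a Python sketch of the two checks described in slides 19 to 21, resource containment down the certificate tree and route origin validation against ROAs. The prefixes and AS65535 come from slides 11 and 21; the function names, the maxLength value and the test announcements are assumptions, and signature, validity-period and revocation checks are left out.

```python
import ipaddress

# Resource blocks of the certificates on slides 11 and 21, trust-anchor side first.
CHAIN = [
    ("APNIC -> JPNIC", "192.0.0.0/8"),
    ("JPNIC -> ISP", "192.168.0.0/16"),
    ("ISP -> User net", "192.168.64.0/22"),
]
# ROA from slide 11 as (prefix, maxLength, origin AS); maxLength 24 is assumed.
ROAS = [("192.168.64.0/24", 24, 65535)]


def chain_covers(chain, roa_prefix):
    """True if each certificate's block lies inside its issuer's block and
    the ROA prefix lies inside the last certificate's block."""
    nets = [ipaddress.ip_network(p) for _, p in chain]
    nets.append(ipaddress.ip_network(roa_prefix))
    return all(child.subnet_of(parent) for parent, child in zip(nets, nets[1:]))


def validated_roas(chain, roas):
    """Keep only ROAs whose prefix is covered by the whole chain."""
    return [roa for roa in roas if chain_covers(chain, roa[0])]


def origin_validate(prefix, origin_as, roas):
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'
    (the three states of RFC 6811 origin validation)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        # AS0 in a ROA never authorizes an origin.
        if roa_as != 0 and origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but no match: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    usable = validated_roas(CHAIN, ROAS)
    # Constructed announcements: intended, mis-originated, too specific, uncovered.
    for pfx, asn in [("192.168.64.0/24", 65535), ("192.168.64.0/24", 64500),
                     ("192.168.64.0/25", 65535), ("192.168.65.0/24", 65535)]:
        print(pfx, "AS%d" % asn, origin_validate(pfx, asn, usable))
```

A "not-found" result only means that no ROA covers the prefix; what a router does with each state is a matter of local policy.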