APNIC Director General Paul Wilson gives a presentation on Internet number registry services - the next generation at ThaiNOG 2019, held with BKNIX 2019 in Bangkok, Thailand from 7 to 8 May 2019.
APNIC Senior Network Analyst Tashi Phuntsho presents on the importance of routing security at SANOG 34 in Kolkata, India from 31 July to 7 August 2019.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
APNIC Senior Network Analyst Tashi Phuntsho presents on the importance of routing security at SANOG 34 in Kolkata, India from 31 July to 7 August 2019.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
RPKI (Resource Public Key Infrastructure)Fakrul Alam
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP Addresses) to a trust anchor. (wikipedia)
Andrzej Wolski - RIPE
Language: English
Securing BGP has been on the todo list of the the community at large for many years. Resource Public Key Infrastructure (RPKI) is the latest and most successful initiative. RPKI solves one of the most fundamental problems, it allows to verify whether an Autonomous System (AS) is authorized to announce a specific IP address range. We will look at closely at the state of the RPKI deployment. Successes and failures globally, define areas for improvement and quickly zoom in into our region.
Register to the next PLNOG edition: krakow.plnog.pl
Building Modern Digital Services on Scalable Private Government Infrastructur...Andrés Colón Pérez
These are a series of presentations and knowledge collected from the web to help knowledge sharing at the government of Puerto Rico, created with the hope of helping transform government culture by engaging key personnel in diverse areas of central government IT. We discussed design and development methodologies as well as implementation, network and server technologies that led to the successful launch of the most popular online service in PR.gov, in the hope that the knowledge is retained and used to prevent problems that have plagued digital services of the past.
How did Puerto Rico build the New Good standing Certificate Online Service? How did it scale to handle millions of visitors while having 0 licensing costs? This is the technical overview of the design, philosophy and implementation.
- Good standing certificate knowledge transfer presentation by Andrés Colón
Note on attribution: some content such as logos and designs were used from the web. Rights remain with their original authors. Thanks for sharing with the world.
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
APNIC Director General Paul Wilson gives a presentation on the latest developments in IP address registry services, and their importance to Internet stability and security at the ICANN APAC-TWNIC Engagement Forum in Taipei, Taiwan from 16 to 17 April. 2019
Network State Awareness & Troubleshooting, by Faraz Shamim.
A presentation given at APRICOT 2016’s Network State Awareness and Troubleshooting tutorial on 25 February 2016.
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...akg1330
RPKI is a relatively new technology that permits origin validation for IP prefixes. This is an important steps towards securing the global routing infrastructure.
Presentation given during Firetalks at ShmooCon 2015:
http://youtu.be/oa8T5HLtY8I
RPKI (Resource Public Key Infrastructure)Fakrul Alam
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP Addresses) to a trust anchor. (wikipedia)
Andrzej Wolski - RIPE
Language: English
Securing BGP has been on the todo list of the the community at large for many years. Resource Public Key Infrastructure (RPKI) is the latest and most successful initiative. RPKI solves one of the most fundamental problems, it allows to verify whether an Autonomous System (AS) is authorized to announce a specific IP address range. We will look at closely at the state of the RPKI deployment. Successes and failures globally, define areas for improvement and quickly zoom in into our region.
Register to the next PLNOG edition: krakow.plnog.pl
Building Modern Digital Services on Scalable Private Government Infrastructur...Andrés Colón Pérez
These are a series of presentations and knowledge collected from the web to help knowledge sharing at the government of Puerto Rico, created with the hope of helping transform government culture by engaging key personnel in diverse areas of central government IT. We discussed design and development methodologies as well as implementation, network and server technologies that led to the successful launch of the most popular online service in PR.gov, in the hope that the knowledge is retained and used to prevent problems that have plagued digital services of the past.
How did Puerto Rico build the New Good standing Certificate Online Service? How did it scale to handle millions of visitors while having 0 licensing costs? This is the technical overview of the design, philosophy and implementation.
- Good standing certificate knowledge transfer presentation by Andrés Colón
Note on attribution: some content such as logos and designs were used from the web. Rights remain with their original authors. Thanks for sharing with the world.
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
APNIC Director General Paul Wilson gives a presentation on the latest developments in IP address registry services, and their importance to Internet stability and security at the ICANN APAC-TWNIC Engagement Forum in Taipei, Taiwan from 16 to 17 April. 2019
Network State Awareness & Troubleshooting, by Faraz Shamim.
A presentation given at APRICOT 2016’s Network State Awareness and Troubleshooting tutorial on 25 February 2016.
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...akg1330
RPKI is a relatively new technology that permits origin validation for IP prefixes. This is an important steps towards securing the global routing infrastructure.
Presentation given during Firetalks at ShmooCon 2015:
http://youtu.be/oa8T5HLtY8I
APNIC Director General Paul Wilson presents on the next generation of Internet number registry services, namely RDAP and RPKI at the 31st TWNIC OPM and TWNOG in Taipei, Taiwan from 27 to 28 November 2018.
at ICANN69's virtual Techday, Alex Mayrhofer of nic.at speaks about the current state of .at's RDAP server prototype. The primary goal of the prototype is to the provide the local CERT with in-depth information about .at domain names. The prototype is used to develop and test-drive a few advanced RDAP features and pave the way to a potential public service.
Building high performance microservices in finance with Apache ThriftRX-M Enterprises LLC
Apache Roadshow Chicago Talk on May 14, 2019
In this talk we’ll look at the ways Apache Thrift can solve performance problems commonly facing next generation applications deployed in performance sensitive capital markets and banking environments. The talk will include practical examples illustrating the construction, performance and resource utilization benefits of Apache Thrift. Apache Thrift is a high-performance cross platform RPC and serialization framework designed to make it possible for organizations to specify interfaces and application wide data structures suitable for serialization and transport over a wide variety of schemes. Due to the unparalleled set of languages supported by Apache Thrift, these interfaces and structs have similar interoperability to REST type services with an order of magnitude improvement in performance. Apache Thrift services are also a perfect fit for container technology, using considerably fewer resources than traditional application server style deployments. Decomposing applications into microservices, packaging them into containers and orchestrating them on systems like Kubernetes can bring great value to an organization; however, it can also take a very fast monolithic application and turn it into a high latency web of slow, resource hungry services. Apache Thrift is a perfect solution to the performance and resource ills of many microservice based endeavors.
APAN 50: RPKI industry trends and initiatives APNIC
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of the RPKI, why it is important, and how to create ROAs and ROVs to secure routing announcements.
APNIC Infrastructure and Development Director Che-Hoo Cheng gives an overview of RPKI as another security consideration for peering at Peering Asia 2.0, held in Hong Kong from 24 to 25 October 2018.
23rd PITA AGM and Conference: Internet number registry services - the next ge...APNIC
APNIC Director General Paul Wilson gives a presentation on the latest developments in IP address registry services, and
their importance to Internet stability and security at the 23rd Pacific Islands Telecommunications Association Annual General Meeting (PITA 23 AGM) and Annual Conference in Nadi, Fiji from 8 to 12 April 2019.
APNIC Product Manager, Registry Services George Michaelson present on why RPKI really matters at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
ARIN 35 Tutorial: How to certify your ARIN resources with RPKIARIN
ARIN 35 Tutorial: How to certify your ARIN resources with RPKI by Andy Newton. Presentation at: https://www.arin.net/participate/meetings/reports/ARIN_35/premeeting.html
Similar to ThaiNOG Day 2019: Internet Number Registry Services, the Next Generation (20)
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
2. Overview
• What are registry services
• Today’s registry services
⎯ whois
• The next generation…
⎯ Registration Data Access Protocol (RDAP)
⎯ Resource Public Key Infrastructure (RPKI)
3. Registries?
• Organisations running registry services
⎯ With authority for registration of some “Public Resource”
• Public databases describing status of resources
⎯ Land titles, vehicle registrations, phone numbers
⎯ Internet registries - Domain Names, protocols, INRs
⎯ e.g. .com, .th, IPv4, IPv4, ASNs
• Internet Registries
⎯ Authoritative registry/database function
⎯ Public registry service function
⎯ gTLDs, ccTLDs
⎯ RIRs, NIRs, LIRs, ISPs…
4. Registry services (INRs)
• whois
⎯ Query service on TCP port 43 (RFC 812, 1982)
⎯ Very simple service
⎯ Query and response are not standardised
• Registration Data Access Protocol (RDAP) (NEW since 2015)
⎯ API for access to “whois” registry data
⎯ Automation, AAA, i18N, redirection, extensibility
• Resource Public Key Infrastructure (RPKI) (since 2010)
⎯ PKI for INRs
⎯ Cryptographically verifiable “ownership” of INRs
9. Whois – limitations
• “blob” query and result formats
⎯ Registry-specific questions and answers (eg RPSL)
⎯ Automation is difficult
• No AAA model
⎯ Built for public service only
• Most servers serve US-ASCII only
⎯ i18n is undefined
• No redirection
⎯ User/client must find the right server
9
11. RDAP
• RDAP is the successor to the ageing WHOIS protocol.
⎯ Stardardised by IETF
• Query: REST
⎯ REpresentational State Transfer - via HTTP
⎯ Query defined within URL issued to RESTful server
⎯ Inherits useful features from HTTP/HTTPS (AAA, redirection…)
• Response: JSON
⎯ JavaScript Object Notation
⎯ Standardised text representation of structured data
⎯ Easily used by JavaScript/HTML5, Java, Perl, Python…
* Source: RDAP.org
12. RDAP JSON raw
12
$ curl http://rdap.apnic.net/ip/210.17.9.242
{"rdapConformance":["history_version_0","rdap_level_0"],"notices":[{"title":"Source","description":["Objects returned came from
source","APNIC"]},{"title":"Terms and Conditions","description":["This is the APNIC WHOIS Database query service. The objects are in
RDAP format."],"links":[{"value":"http://rdap.apnic.net/ip/210.17.9.242","rel":"terms-of-
service","href":"http://www.apnic.net/db/dbcopyright.html","type":"text/html"}]}],"country":"TW","events":[{"eventAction":"last
changed","eventDate":"2011-06-01T04:13:58Z"}],"name":"TTN-TW","remarks":[{"description":["Taiwan Telecommunication Network Services
Co.,LTD.","110 , 8F , No 89 , Sung Jen RD , Taipei"],"title":"description"},{"description":["service
provider"],"title":"remarks"}],"type":"ALLOCATED
PORTABLE","endAddress":"210.17.127.255","ipVersion":"v4","startAddress":"210.17.0.0","handle":"210.17.0.0 -
210.17.127.255","objectClassName":"ip
network","links":[{"value":"http://rdap.apnic.net/ip/210.17.9.242","rel":"self","href":"http://rdap.apnic.net/ip/210.17.0.0/17","type
":"application/rdap+json"}],"entities":[{"roles":["abuse"],"events":[{"eventAction":"last changed","eventDate":"2017-01-
22T22:54:59Z"}],"vcardArray":["vcard",[["version",{},"text","4.0"],["fn",{},"text","IRT-TFN-
TW"],["kind",{},"text","group"],["adr",{"label":"7F., No. 172-1, Sec. 2, Ji-Lung Rd.nTaipei City 106, Taiwan
R.O.C."},"text",["","","","","","",""]],["email",{},"text","ethanchen@taiwanmobile.com"],["email",{"pref":"1"},"text","ethanchen@taiw
anmobile.com"]]],"handle":"IRT-TFN-
TW","objectClassName":"entity","links":[{"value":"http://rdap.apnic.net/ip/210.17.9.242","rel":"self","href":"http://rdap.apnic.net/e
ntity/IRT-TFN-TW","type":"application/rdap+json"}]},{"roles":["administrative","technical"],"events":[{"eventAction":"last
changed","eventDate":"2011-12-06T00:10:19Z"}],"remarks":[{"description":["### Crime, Abuse , Spam , Security ###","CSC TEL : 0809-
000-188","CSC TEL : +886-2-4066-0357","abuse@tfn.com.tw","abuse@tfn.com.tw","### Crime, Abuse , Spam , Security
###"],"title":"remarks"}],"vcardArray":["vcard",[["version",{},"text","4.0"],["fn",{},"text","TTN IP-
Team"],["kind",{},"text","group"],["adr",{"label":"Taiwan Mobile Co., Ltd.nNetwork Assurance & Technical Support Div.n# Ex TTN
mergedn8F.,No 172-1, Sec 2, Ji-Lung RDnTaipei 106 Taiwan"},"text",["","","","","","",""]],["tel",{"type":"voice"},"text","+886-2-
6638-6888"],["tel",{"type":"fax"},"text","+886-2-6639-0607"],["email",{},"text","whois@ttn.com.tw"]]],"handle":"IP11-
AP","objectClassName":"entity","links":[{"value":"http://rdap.apnic.net/ip/210.17.9.242","rel":"self","href":"http://rdap.apnic.net/e
ntity/IP11-AP","type":"application/rdap+json"}]}],"port43":"whois.apnic.net"}
HTTP “get”
JSON reply
21. RDAP benefits
• Automation – JSON input to common programming languages
⎯ Integration with firewall, NMS, IPAM…
• “Differentiated Access”
⎯ If needed
• Speaks your language (and character set)
⎯ Can implement server-side or in-client language preference
• One stop query
⎯ Will auto-redirect to the right authoritative server
• Web protocol is CDN friendly
⎯ Serve local, via anycast or DNS redirection methods
⎯ Cacheable, survives DDoS longer since distributed
22. APNIC RDAP Status
• First implemented May 2015
⎯ Adjunct service query to WHOIS radix tree (in memory)
⎯ Rewrote RPSL on-the-fly
• Re-implemented into WHOWAS Late 2016
⎯ Static in-memory data model. Fast response
• Working with NIRs
⎯ Hope to serve <nir>.rdap.apnic.net more-specific service
• APNIC region-wide consistent service model goal for 2019
⎯ Working with NIRs and other RIRs
24. RPKI
• RPKI is a public key infrastructure (PKI) framework,
designed to secure BGP routing
⎯ Based on X.509 PKI standards
• RPKI adds INR information to X.509 certificates issued to
resource holders
⎯ Representing “ownership” and other status
⎯ Certification hierarchy follows INR delegation hierarchy
IANA ➔ RIR ➔ NIR ➔ ISP ➔ …
25. RPKI hierarchy
ISP CA
EE EE EE EE
IANA
CA
APNIC
CA
LACNIC
CA
RIPE- NCC
CA
ARIN
CA
AFRINIC
CA
TA
TA TA TA TA TA
26. RPKI application: ROA
• Route Origin Authorization
⎯ List of prefixes with ASN authorized to announce
⎯ Signed by the prefix holder with RPKI certificate
• ROV relies on the integrity of the ROA
⎯ If valid, can now be used to construct route filters
Prefix 203.176.32.0/19
Max-length /24
Origin ASN AS17821
27. Route Origin Validation (ROV)
• Using RPKI Route Origin Authorisation (ROA)
AS17821
203.176.32.0/19
Peer/Upstream
or IXP
LOA
??
28. Route Origin Validation (ROV)
• Using RPKI Route Origin Authorisation (ROA)
AS17821
203.176.32.0/19
Peer/Upstream
or IXP
☺
ROA
29. RPKI application: RTA
• Resource Tagged Attestation
⎯ Use of RPKI cert to sign an arbitrary object
• RTA application: LOA
⎯ Replace existing informal “letter of authority” practice
⎯ Now digitally secured and can be automated
• Pilot implementation
⎯ In development at APNIC (via MyAPNIC)
⎯ IETF draft in progress
32. RPKI Service Models
• Hosted service
⎯ APNIC performs CA functions on behalf of members
⎯ Manage keys, repository etc
⎯ Generate certificates for resource delegations
⎯ This “Member CA” is separate from the “APNIC CA”
• Provisioning model
⎯ Member operates full RPKI system including CA
⎯ Communication with APNIC via provisioning protocol
⎯ This is live at JPNIC, CNNIC and TWNIC (IDNIC in progress)
33. ROA deployment – Global
Valid 12.85%
Invalid 0.75%
https://rpki-monitor.antd.nist.gov
34. ROA deployment – Regional
0
10
20
30
40
50
60
70
80
90
100
BD BT CN HK ID IN JP KH LA LK MM MN MY NP PH PK SG TH TW VN
Orgs
IPv4
IPv6
35. RPKI benefits
• Improved in-band verification of resource custodianship
⎯ Much safer than manually checking whois or IRR database
⎯ Ease of automation
• Primary application: Secure Origin (ROA)
⎯ A first step to preventing many attacks on BGP integrity
⎯ BGP Path remains a problem which is under development
⎯ Related information such as IRR Policy can now leverage strong proofs
of validity (end the maintainer-authority problem in RADB/IRR)
• Also: secure attestation (RTA)
⎯ And more in future?
36. How do I start?
• Create ROAs to better protect your own routes
⎯ Encourage your peers/customers to do the same
⎯ Encourage your IXP to implement ROV in the RS
• Then
⎯ Set up route validation at your own border routers
⎯ Using public or IXP validator, or your own
• APNIC members, use MyAPNIC
⎯ We can help!
⎯ Please contact APNIC Helpdesk
⎯ And…