MyNOG 10: Cleaning up your RPKI invalids

APNIC
APNICAPNIC
1 Cleaning up your RPKI invalids Zen Ng Senior Internet Resource Analyst APNIC
2 What has been discussed previously? • ROA adoption rate in SEA and Malaysia • It was great! Thanks to all! • Currently 95.74%. So far yet so close! • While ROA stats are increasing, RPKI invalids still persists • What should we do next? To clean up and reduce RPKI invalids
3 ROA adoption in SEA 3 Economy ROA adoption rate (%) Philippines 96.73% Malaysia 95.74% Cambodia 93.43% Myanmar 91.02% Vietnam 88.73% Singapore 83.50% Lao PDR 77.81% Thailand 66.86%
4 4 Lets revisit….What is RPKI? A robust security framework for verifying the association between resource holders and their Internet number resources. 4
5 5 Route Origin Authorization What is contained in a ROA? – The AS number you have authorized – The prefix that is being originated from it – The most specific prefix (maximum length) that the AS may announce For example: “ISP 4 permits AS65551 to originate a route for the prefix 198.51.100.0/24" 5
6 6 Route Origin Validation • Valid – The prefix (prefix length) and AS pair found in the database • Invalid – Prefix is found, but origin-AS is wrong, OR – The prefix length is longer than the maximum length 6
7 7 Route Origin Validation 7 https://isbgpsafeyet.com/
8 8 RPKI invalids 8
9 9 RPKI invalids 9 Validation result IPv4 count Invalid origin ASN 338 Invalid origin ASN and Max Length 192 Invalid Max Length 1694 Routeviews collector SG and Routunator
10 Comparing to other economies Validation result IPv4 count MY ID SG Invalid origin ASN 338 3 11 55 Invalid origin ASN and Max Length 192 0 0 12 Invalid Max Length 1694 25 142 167
11 11 ROA Pre-validation 11
12 12 ROA Pre-validation 12 • Validate changes submitted via MyAPNIC to ensure that they won’t cause problems in BGP • Allows Members to override if necessary
13 13 Routing Status Alerts 13 https://dash.apnic.net/
14 14 Routing Status Alerts 14
15 15 ROA alert filters 15
16 IPv4 ROA coverage in Malaysia https://stats.labs.apnic.net/roas Around 20% 79.15%
17 17 Creating your ROAs 17 Request a Digital Certificate (2FA) Corporate Contact approves request Install Digital Certificate Corporate Contact gives RPKI update permission Enable RPKI in MyAPNIC Create ROA Simplified … Register for MyAPNIC Set up 2FA Enable RPKI in MyAPNIC Create ROA
18 18 Summary • ROA Pre-validation feature • Routing Status Alerts in Dash • ROA Alert Filters in Dash • Registry API – https://blog.apnic.net/2022/03/22/apnic-registry-api/ • Continuous improvement on ROA guides and Help Centre articles
19 Questions?
1 de 19

MyNOG 10: Cleaning up your RPKI invalids

Descargar para leer sin conexión
Internet

APNIC Senior Internet Resource Analyst Zen Ng presents on RPKI invalids at MyNOG 10, held on 14 June 2023 in Kuala Lumpur, Malaysia.

APNIC
APNICAPNIC

Recomendados

INNOG 6: Cleaning up your RPKI invalides por
INNOG 6: Cleaning up your RPKI invalidesINNOG 6: Cleaning up your RPKI invalides
INNOG 6: Cleaning up your RPKI invalidesAPNIC
197 vistas17 diapositivas
PhNOG 2020: Securing your resources with RPKI and IRT por
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
1.7K vistas19 diapositivas
HKNOG 7.0: RPKI - it's time to start deploying it por
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itAPNIC
1.3K vistas36 diapositivas
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT por
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRTMMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRTAPNIC
104 vistas29 diapositivas
Securing global routing system and operators approach por
Securing global routing system and operators approachSecuring global routing system and operators approach
Securing global routing system and operators approachAPNIC
817 vistas27 diapositivas
Secure Inter-domain Routing with RPKI por
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKIAPNIC
293 vistas52 diapositivas

Más contenido relacionado

Similar a MyNOG 10: Cleaning up your RPKI invalids

PacNOG 31: Cleaning up your RPKI invalids por
PacNOG 31: Cleaning up your RPKI invalidsPacNOG 31: Cleaning up your RPKI invalids
PacNOG 31: Cleaning up your RPKI invalidsAPNIC
140 vistas17 diapositivas
32nd TWNIC IP OPM: ROA+ROV deployment & industry development por
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry developmentAPNIC
398 vistas37 diapositivas
SANOG 33: APNIC Routing Registry and ROAs por
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs APNIC
327 vistas22 diapositivas
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne... por
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...APNIC
521 vistas28 diapositivas
RPKI Service Updates by Brenda Buwu por
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuMyNOG
235 vistas20 diapositivas
APNIC RPKI Service Update: MyIX/MyNOG 2017 por
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC
354 vistas20 diapositivas

Similar a MyNOG 10: Cleaning up your RPKI invalids(20)

PacNOG 31: Cleaning up your RPKI invalids por APNIC
PacNOG 31: Cleaning up your RPKI invalidsPacNOG 31: Cleaning up your RPKI invalids
PacNOG 31: Cleaning up your RPKI invalids
APNIC140 vistas
32nd TWNIC IP OPM: ROA+ROV deployment & industry development por APNIC
32nd TWNIC IP OPM: ROA+ROV deployment & industry development32nd TWNIC IP OPM: ROA+ROV deployment & industry development
32nd TWNIC IP OPM: ROA+ROV deployment & industry development
APNIC398 vistas
SANOG 33: APNIC Routing Registry and ROAs por APNIC
SANOG 33: APNIC Routing Registry and ROAs SANOG 33: APNIC Routing Registry and ROAs
SANOG 33: APNIC Routing Registry and ROAs
APNIC327 vistas
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne... por APNIC
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
APNIC521 vistas
RPKI Service Updates by Brenda Buwu por MyNOG
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda Buwu
MyNOG235 vistas
APNIC RPKI Service Update: MyIX/MyNOG 2017 por APNIC
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC354 vistas
34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper... por Indonesia Network Operators Group
34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper...34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper...
34 - IDNOG03 - Fakrul Alam (APNIC) - Securing Global Routing System and Oper...
Indonesia Network Operators Group656 vistas
Introduction to RPKI por APNIC
Introduction to RPKIIntroduction to RPKI
Introduction to RPKI
APNIC1.4K vistas
Securing the Global Routing System and the Approach of Operators por APNIC
Securing the Global Routing System and the Approach of OperatorsSecuring the Global Routing System and the Approach of Operators
Securing the Global Routing System and the Approach of Operators
APNIC193 vistas
RPKI Deployment Status in Bangladesh por Bangladesh Network Operators Group
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group153 vistas
Rpki -manrs_(7_september) por NaveenLakshman
Rpki -manrs_(7_september)Rpki -manrs_(7_september)
Rpki -manrs_(7_september)
NaveenLakshman47 vistas
PacNOG 23: Secure routing with RPKI por APNIC
PacNOG 23: Secure routing with RPKIPacNOG 23: Secure routing with RPKI
PacNOG 23: Secure routing with RPKI
APNIC258 vistas
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids por APNIC
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalidsVNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
VNIX-NOG 2023: State of RPKI in APAC - Cleaning up invalids
APNIC427 vistas
IPv4 transfer presentation, SGNOG4 por APNIC
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4
APNIC1.8K vistas
Routing Security por RIPE NCC
Routing SecurityRouting Security
Routing Security
RIPE NCC42 vistas
IDNOG 6: RQC and RPKI por APNIC
IDNOG 6: RQC and RPKIIDNOG 6: RQC and RPKI
IDNOG 6: RQC and RPKI
APNIC559 vistas
Is IPv6 Really Faster? por APNIC
Is IPv6 Really Faster?Is IPv6 Really Faster?
Is IPv6 Really Faster?
APNIC271 vistas
Securing the global routing system and the approach of operators por APNIC
Securing the global routing system and the approach of operatorsSecuring the global routing system and the approach of operators
Securing the global routing system and the approach of operators
APNIC675 vistas
NZNOG 2019: The State of Routing (In)Security por APNIC
NZNOG 2019: The State of Routing (In)SecurityNZNOG 2019: The State of Routing (In)Security
NZNOG 2019: The State of Routing (In)Security
APNIC299 vistas
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro... por akg1330
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...
akg1330674 vistas

Más de APNIC

IETF 118: Starlink Protocol Performance por
IETF 118: Starlink Protocol PerformanceIETF 118: Starlink Protocol Performance
IETF 118: Starlink Protocol PerformanceAPNIC
394 vistas22 diapositivas
HKNOG 12.0: RPKI Actions Required by HK Networks por
HKNOG 12.0: RPKI Actions Required by HK NetworksHKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK NetworksAPNIC
512 vistas26 diapositivas
KHNOG 5: RPKI Status Update por
KHNOG 5: RPKI Status UpdateKHNOG 5: RPKI Status Update
KHNOG 5: RPKI Status UpdateAPNIC
403 vistas25 diapositivas
KHNOG 5: APNIC Services por
KHNOG 5: APNIC ServicesKHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesAPNIC
416 vistas15 diapositivas
PITA Strategy Forum 2023: Internet resilience por
PITA Strategy Forum 2023: Internet resiliencePITA Strategy Forum 2023: Internet resilience
PITA Strategy Forum 2023: Internet resilienceAPNIC
440 vistas7 diapositivas
SANOG 40: DDoS in South Asia por
SANOG 40: DDoS in South AsiaSANOG 40: DDoS in South Asia
SANOG 40: DDoS in South AsiaAPNIC
352 vistas52 diapositivas

Más de APNIC(20)

IETF 118: Starlink Protocol Performance por APNIC
IETF 118: Starlink Protocol PerformanceIETF 118: Starlink Protocol Performance
IETF 118: Starlink Protocol Performance
APNIC394 vistas
HKNOG 12.0: RPKI Actions Required by HK Networks por APNIC
HKNOG 12.0: RPKI Actions Required by HK NetworksHKNOG 12.0: RPKI Actions Required by HK Networks
HKNOG 12.0: RPKI Actions Required by HK Networks
APNIC512 vistas
KHNOG 5: RPKI Status Update por APNIC
KHNOG 5: RPKI Status UpdateKHNOG 5: RPKI Status Update
KHNOG 5: RPKI Status Update
APNIC403 vistas
KHNOG 5: APNIC Services por APNIC
KHNOG 5: APNIC ServicesKHNOG 5: APNIC Services
KHNOG 5: APNIC Services
APNIC416 vistas
PITA Strategy Forum 2023: Internet resilience por APNIC
PITA Strategy Forum 2023: Internet resiliencePITA Strategy Forum 2023: Internet resilience
PITA Strategy Forum 2023: Internet resilience
APNIC440 vistas
SANOG 40: DDoS in South Asia por APNIC
SANOG 40: DDoS in South AsiaSANOG 40: DDoS in South Asia
SANOG 40: DDoS in South Asia
APNIC352 vistas
SANOG 40: RPKI in South Asia por APNIC
SANOG 40: RPKI in South AsiaSANOG 40: RPKI in South Asia
SANOG 40: RPKI in South Asia
APNIC353 vistas
RenasCON 2023: Learning from honeypots por APNIC
RenasCON 2023: Learning from honeypotsRenasCON 2023: Learning from honeypots
RenasCON 2023: Learning from honeypots
APNIC429 vistas
IGF 2023: DNS Privacy por APNIC
IGF 2023: DNS PrivacyIGF 2023: DNS Privacy
IGF 2023: DNS Privacy
APNIC434 vistas
MNSEC Conference 2023: Mining Bots por APNIC
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining Bots
APNIC424 vistas
VNIX-NOG 2023: IPv6 Deployment in government networks por APNIC
VNIX-NOG 2023: IPv6 Deployment in government networksVNIX-NOG 2023: IPv6 Deployment in government networks
VNIX-NOG 2023: IPv6 Deployment in government networks
APNIC431 vistas
SGNOG 10: IPv6 Insights in South East Asia por APNIC
SGNOG 10: IPv6 Insights in South East AsiaSGNOG 10: IPv6 Insights in South East Asia
SGNOG 10: IPv6 Insights in South East Asia
APNIC416 vistas
mnNOG 5: Open source SD-WAN por APNIC
mnNOG 5: Open source SD-WANmnNOG 5: Open source SD-WAN
mnNOG 5: Open source SD-WAN
APNIC482 vistas
mnNOG 2023: State of IPv6 in Mongolia por APNIC
mnNOG 2023: State of IPv6 in MongoliamnNOG 2023: State of IPv6 in Mongolia
mnNOG 2023: State of IPv6 in Mongolia
APNIC933 vistas
mnNOG 2023: On GEOs, LEOs and Starlink por APNIC
mnNOG 2023: On GEOs, LEOs and StarlinkmnNOG 2023: On GEOs, LEOs and Starlink
mnNOG 2023: On GEOs, LEOs and Starlink
APNIC496 vistas
AusNOG 2023: RPKI and whois updates por APNIC
AusNOG 2023: RPKI and whois updatesAusNOG 2023: RPKI and whois updates
AusNOG 2023: RPKI and whois updates
APNIC566 vistas
AusNOG 2023: A quick look at QUIC por APNIC
AusNOG 2023: A quick look at QUICAusNOG 2023: A quick look at QUIC
AusNOG 2023: A quick look at QUIC
APNIC583 vistas
APrIGF 2023: Sustainability of Complementary Connectivity Initiatives por APNIC
APrIGF 2023: Sustainability of Complementary Connectivity InitiativesAPrIGF 2023: Sustainability of Complementary Connectivity Initiatives
APrIGF 2023: Sustainability of Complementary Connectivity Initiatives
APNIC607 vistas
APAN 56: APNIC Report por APNIC
APAN 56: APNIC Report APAN 56: APNIC Report
APAN 56: APNIC Report
APNIC293 vistas
2023 NCIT: Introduction to Intrusion Detection por APNIC
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection
APNIC172 vistas

Último

How to think like a threat actor for Kubernetes.pptx por
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 vistas33 diapositivas
Affiliate Marketing por
Affiliate MarketingAffiliate Marketing
Affiliate MarketingNavin Dhanuka
17 vistas30 diapositivas
hamro digital logics.pptx por
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptxtupeshghimire
9 vistas36 diapositivas
Marketing and Community Building in Web3 por
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3Federico Ast
14 vistas64 diapositivas
The Dark Web : Hidden Services por
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
5 vistas24 diapositivas
Building trust in our information ecosystem: who do we trust in an emergency por
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergencyTina Purnat
109 vistas18 diapositivas

Último(9)

How to think like a threat actor for Kubernetes.pptx por LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 vistas
Affiliate Marketing por Navin Dhanuka
Affiliate MarketingAffiliate Marketing
Affiliate Marketing
Navin Dhanuka17 vistas
hamro digital logics.pptx por tupeshghimire
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptx
tupeshghimire9 vistas
Marketing and Community Building in Web3 por Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast14 vistas
The Dark Web : Hidden Services por Anshu Singh
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh5 vistas
Building trust in our information ecosystem: who do we trust in an emergency por Tina Purnat
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergency
Tina Purnat109 vistas
WEB 2.O TOOLS: Empowering education.pptx por narmadhamanohar21
WEB 2.O TOOLS: Empowering education.pptxWEB 2.O TOOLS: Empowering education.pptx
WEB 2.O TOOLS: Empowering education.pptx
narmadhamanohar2116 vistas
PORTFOLIO 1 (Bret Michael Pepito).pdf por brejess0410
PORTFOLIO 1 (Bret Michael Pepito).pdfPORTFOLIO 1 (Bret Michael Pepito).pdf
PORTFOLIO 1 (Bret Michael Pepito).pdf
brejess04109 vistas
information por khelgishekhar
informationinformation
information
khelgishekhar10 vistas

MyNOG 10: Cleaning up your RPKI invalids