PacNOG 31: Cleaning up your RPKI invalids

APNIC
Cleaning up your RPKI invalids
Elly Tawhai
PacNOG 31
elly@apnic.net
What is RPKI?
A robust security framework for verifying the association
between resource holders and their Internet number
resources.
Route Origin Authorization
What is contained in a ROA?
– The AS number you have authorized
– The prefix that is being originated from it
– The most specific prefix (maximum length) that the AS may announce
For example: “ISP 4 permits AS65551 to originate a route for the prefix 198.51.100.0/24”
Route Origin Validation
• Valid
– The prefix (prefix length) and AS pair are found in the database
• Invalid
– Prefix is found, but origin-AS is wrong, OR
– The prefix length is longer than the maximum length
Route Origin Validation
https://isbgpsafeyet.com/
RPKI invalids
Validation result                    IPv4 count
Invalid origin ASN                   305
Invalid origin ASN and Max Length    138
Invalid Max Length                   1333
Routeviews collector SG and Routinator
RPKI invalids in Vanuatu
Validation result                    IPv4 count
Invalid origin ASN                   -
Invalid origin ASN and Max Length    -
Invalid Max Length                   1
RPKI invalids
Origin ASN    AS Name                  Economy    No. of invalid routes
AS9249        VUTELECOM-AS01-VU-APC    VU         1
ROA Prevalidation
• Validate changes submitted via MyAPNIC to ensure that they won’t cause problems in BGP
• Allows Members to override if necessary
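A worked example of the Route Origin Validation states and of what a ROA pre-validation check looks for. This is an added example, not APNIC's or MyAPNIC's code; the names Roa, validate and prevalidate, AS64500 and the announced routes are constructed for illustration, and the "not-found" state comes from RFC 6811 rather than from the slides.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: str      # prefix authorised in the ROA
    max_length: int  # most specific prefix length the AS may announce
    asn: int         # authorised origin AS

def validate(route_prefix, origin_asn, roas):
    """Classify one BGP announcement against a set of ROAs."""
    route = ipaddress.ip_network(route_prefix)
    covering = [r for r in roas
                if (net := ipaddress.ip_network(r.prefix)).version == route.version
                and route.subnet_of(net)]
    if not covering:
        return "not-found"  # no ROA covers this prefix (RFC 6811 state)
    asn_ok = [r for r in covering if r.asn == origin_asn]
    len_ok = [r for r in covering if route.prefixlen <= r.max_length]
    if any(r in len_ok for r in asn_ok):
        return "valid"      # one ROA matches both origin AS and length
    # Assumption: when different ROAs each match one criterion, report the
    # origin-AS match first, so the fix suggested is a max length change.
    if asn_ok:
        return "invalid: max length"
    if len_ok:
        return "invalid: origin ASN"
    return "invalid: origin ASN and max length"

def prevalidate(proposed, existing, announced):
    """List announced routes that a proposed ROA would newly make invalid."""
    broken = []
    for prefix, asn in announced:
        before = validate(prefix, asn, existing)
        after = validate(prefix, asn, existing + [proposed])
        if after.startswith("invalid") and not before.startswith("invalid"):
            broken.append((prefix, asn, before, after))
    return broken

# Constructed sample: the ROA from the slide example plus made-up announcements.
SLIDE_ROA = Roa("198.51.100.0/24", 24, 65551)
ANNOUNCED = [("198.51.100.0/24", 65551), ("198.51.100.0/25", 65551),
             ("198.51.100.0/24", 64500), ("198.51.100.128/25", 64500)]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCED:
        print(prefix, f"AS{asn}", validate(prefix, asn, [SLIDE_ROA]))
    print(prevalidate(SLIDE_ROA, [], ANNOUNCED))
```

Adding a ROA never turns a valid route invalid; the risk the pre-validation step guards against is a route that was not covered by any ROA becoming invalid once the new ROA is published.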
Routing status alerts in DASH
https://dash.apnic.net/
ROA alert filters in DASH
ROA coverage – Vanuatu
Access to RPKI
Request a Digital Certificate (2FA) → Corporate Contact approves request → Install Digital Certificate → Corporate Contact gives RPKI update permission → Enable RPKI in MyAPNIC → Create ROA
Simplified …
Get access to MyAPNIC → Set up TOTP (2FA) → Enable RPKI in MyAPNIC → Create ROA
Questions?