SlideShare una empresa de Scribd logo

RPKI Service Updates by Brenda Buwu

MyNOG
MyNOG

APNIC RPKI Service. More info www.mynog.org

Datos y análisis
1 de 20
Descargar para leer sin conexión
MyNOG 2017 APNIC RPKI Service Update Brenda Buwu, Network Engineer brenda@apnic.net
RPKI in Malaysia at a glance 2 ASN IPv4 holders IPv6 holders Delegated 199 227 154 Active in RPKI 11 12 5 •  Low levels of participation — <10% in all categories •  This is mostly a ‘one click’ activity in MyAPNIC, so easy to engage! •  Percentage coverage of active BGP by address range high: 100% in IPv6, >75% in IPv4 •  Please log in to your MyAPNIC account and enable RPKI It’s your address and routing plan: protect it!
What does the current APNIC RPKI look like? 3 APNIC from IANA TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA
APNIC is altering its RPKI TA model •  PKI depends on a Trust Anchor (TA) model –  Validation of all signed objects is under a given TA –  The TA is external, supplied; foundation of the trust system •  The current APNIC RPKI depends on five TAs –  Pre-emptively architected to align with real-world and future unified global RPKI model –  BUT, unification has not emerged; instead complex divergent set of TAs across the five RIRs –  All RIRs’ TAs converging into a single, consistent TA model – each RIR can certify any resource 4
Why is this happening? •  Increase RIR consistency by aligning on TA approach –  We will now operate a mutually consistent model •  Reduce invalidity risks: –  Internet transfers (inter and intra) are frequent — resources are coming into or leaving any given RIR each month –  Necessitates changes in the TA to reflect these shrinkages and growth events –  Each transaction is a risk window for a process failure –  TA work is now far less frequent; no changes as resources move between RIRs, or are assigned by IANA 5
How can transfers affect validity? •  Transfer occurs, but operator errors/bugs leaves TA unpublished •  Online CA over-claims: invalid •  All Member CAs become invalid, not just those receiving transferred resources 6 APNIC TA APNIC from RIR CA Mem. CA ✔ Mem. CA Mem. CA ✘ Mem. CA ✘ ✘ ✘ ✘
How can this problem be resolved? •  Draft IETF document (draft-ietf-sidr-rpki-validation- reconsidered) allowing an over-claiming certificate to be considered valid for those resources that are covered by its issuer •  But still some time before the document is finalized, and longer still until relying party software is upgraded and deployed 7
Failure in RPKI has wide consequences •  Operational failure high in the tree is catastrophic –  All resources under that arc of a tree (for a TA, all resources!) are invalid •  Each transaction is a risk window for a process failure –  All failures in the APNIC TA risks invalidating all products across the Asia Pacific –  APNIC felt this risk was unacceptable •  APNIC has decided to re-architect to a model that removes this risk, and also removes operational complexity under transfers •  Reunify under one TA — make that TA ‘all resources’ 8
How does the transition happen? (1) 9 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA - APNIC TA expanded to cover 0/0, ::/0, AS1-4294967295
How does the transition happen? (2) 10 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - APNIC TA issues new intermediate online certificate - Intermediate certificate also covers 0/0, ::/0, AS1-4294967295
How does the transition happen? (3) 11 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - One existing online certificate is re-signed by the intermediate
How does the transition happen? (4) 12 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - Remaining online certificates are re-signed by the intermediate
How does the transition happen? (5) 13 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - Unused TAs are withdrawn from publication
What is the state after the transition? 14 APNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA LACNIC TA RIPE TAARIN TAAFRINIC TA - All RIRs look the same … … … …
How does the transition help this? •  If the TA claims all resources, it’s impossible for the online CA to over- claim •  Mass invalidity due to over-claiming can’t occur 15 APNIC TA (0/0, ::/0, AS1-4294967295) APNIC from RIR CA Mem. CA ✔ ✔ Mem. CA Mem. CA ✔ ✔✔ always
How can TA work affect validity? •  APNIC’s TAs are backed by a Hardware Security Module (HSM), as are those of the other RIRs •  A great deal of care must be exercised when using an HSM –  For example, devices may have policies such that a certain number of failed authentication attempts leads to irreversible key destruction •  The more TA work that is happening, the greater the risk 16
How does the transition help this? •  By having the TA be responsible for all resources, the need to do TA work is limited to scheduled and well-understood events: –  Manifest/CRL reissuance –  TA reissuance 17
What do I need to do? •  If you only issue ROAs: –  No change required •  If you run relying party software: –  Once APNIC has announced the successful transition, remove the unused TAs from configuration and cache –  However, leaving them in place will not affect validity outcomes 18
When will this happen? •  Previously planned for September •  Some problems that were found during the testbed transition meant that deployment has been delayed so that further testing can occur •  Update to the new single-TA model is expected to be completed by the end of October •  The four unused TAs will be withdrawn in 2018 https://www.apnic.net/single-ta-transition 19
Thanks!

Recomendados

Peering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonPeering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonMyNOG
 
Combating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaCombating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaMyNOG
 
New Market Evaluation Strategy Guide
New Market Evaluation Strategy GuideNew Market Evaluation Strategy Guide
New Market Evaluation Strategy GuideMyNOG
 
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetBroadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
 
IPv6 Progress and Challenges in Japan
IPv6 Progress and Challenges in JapanIPv6 Progress and Challenges in Japan
IPv6 Progress and Challenges in JapanAPNIC
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraMyNOG
 

Recomendados

Peering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonPeering Talk 101 by Douglas Wilson
Peering Talk 101 by Douglas WilsonMyNOG
 
Combating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaCombating DDoS and why peering is important in Asia
Combating DDoS and why peering is important in AsiaMyNOG
 
New Market Evaluation Strategy Guide
New Market Evaluation Strategy GuideNew Market Evaluation Strategy Guide
New Market Evaluation Strategy GuideMyNOG
 
Broadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetBroadband India Forum Session on IPv6: The Post-IPocalypse Internet
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
 
IPv6 Progress and Challenges in Japan
IPv6 Progress and Challenges in JapanIPv6 Progress and Challenges in Japan
IPv6 Progress and Challenges in JapanAPNIC
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraMyNOG
 
Zombie DNS
Zombie DNSZombie DNS
Zombie DNSAPNIC
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TAAPNIC
 
ION Hangzhou - IPv6 in Asia: Laggards and Trends
ION Hangzhou - IPv6 in Asia: Laggards and TrendsION Hangzhou - IPv6 in Asia: Laggards and Trends
ION Hangzhou - IPv6 in Asia: Laggards and TrendsDeploy360 Programme (Internet Society)
 
APNIC Member Gathering, China
APNIC Member Gathering, ChinaAPNIC Member Gathering, China
APNIC Member Gathering, ChinaAPNIC
 
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
 
IPv6 Deployment Update
IPv6 Deployment UpdateIPv6 Deployment Update
IPv6 Deployment UpdateBangladesh Network Operators Group
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
 
The OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungThe OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungMyNOG
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
The curse of the open recursor
The curse of the open recursorThe curse of the open recursor
The curse of the open recursorTom Paseka
 
OARC 26: Who's asking
OARC 26: Who's askingOARC 26: Who's asking
OARC 26: Who's askingAPNIC
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
 
An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 UpdateAPNIC
 
Building Cloudscale Networks
Building Cloudscale NetworksBuilding Cloudscale Networks
Building Cloudscale NetworksAmazon Web Services
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOGIndonesia Network Operators Group
 
MyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalidsMyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalidsAPNIC
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APNIC
 

Más contenido relacionado

La actualidad más candente

Zombie DNS
Zombie DNSZombie DNS
Zombie DNSAPNIC
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TAAPNIC
 
APNIC Member Gathering, China
APNIC Member Gathering, ChinaAPNIC Member Gathering, China
APNIC Member Gathering, ChinaAPNIC
 
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
 
The OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungThe OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungMyNOG
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
The curse of the open recursor
The curse of the open recursorThe curse of the open recursor
The curse of the open recursorTom Paseka
 
OARC 26: Who's asking
OARC 26: Who's askingOARC 26: Who's asking
OARC 26: Who's askingAPNIC
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
 
An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 UpdateAPNIC
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOGIndonesia Network Operators Group
 

La actualidad más candente (20)

Zombie DNS
Zombie DNSZombie DNS
Zombie DNS
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TA
 
ION Hangzhou - IPv6 in Asia: Laggards and Trends
ION Hangzhou - IPv6 in Asia: Laggards and TrendsION Hangzhou - IPv6 in Asia: Laggards and Trends
ION Hangzhou - IPv6 in Asia: Laggards and Trends
 
APNIC Member Gathering, China
APNIC Member Gathering, ChinaAPNIC Member Gathering, China
APNIC Member Gathering, China
 
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
 
IPv6 Deployment Update
IPv6 Deployment UpdateIPv6 Deployment Update
IPv6 Deployment Update
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield Systems
 
The OTT Challenge - Eric Leung
The OTT Challenge - Eric LeungThe OTT Challenge - Eric Leung
The OTT Challenge - Eric Leung
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
The curse of the open recursor
The curse of the open recursorThe curse of the open recursor
The curse of the open recursor
 
OARC 26: Who's asking
OARC 26: Who's askingOARC 26: Who's asking
OARC 26: Who's asking
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
 
An IPv6 Update
An IPv6 UpdateAn IPv6 Update
An IPv6 Update
 
Building Cloudscale Networks
Building Cloudscale NetworksBuilding Cloudscale Networks
Building Cloudscale Networks
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...
 
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
 

Similar a RPKI Service Updates by Brenda Buwu

MyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalidsMyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalidsAPNIC
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APNIC
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKIAPNIC
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalidsMyNOG
 
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRTMMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRTAPNIC
 
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...CA Technologies
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itAPNIC
 
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...CA Technologies
 
APNIC Member Gathering: Myanmar
APNIC Member Gathering: MyanmarAPNIC Member Gathering: Myanmar
APNIC Member Gathering: MyanmarAPNIC
 
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn Red
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn RedCase Study: Verizon Wireless: Chasing the Yellow Before They Turn Red
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn RedCA Technologies
 
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...CA Technologies
 
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...Imperva Incapsula
 
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014Rackspace Academy
 
CisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area NetworksCisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area NetworksAreaNetworking.it
 
Real World Problem Solving Using Application Performance Management 10
Real World Problem Solving Using Application Performance Management 10Real World Problem Solving Using Application Performance Management 10
Real World Problem Solving Using Application Performance Management 10CA Technologies
 
Improve Network Latency and Hold Service Providers to SLAs
Improve Network Latency and Hold Service Providers to SLAsImprove Network Latency and Hold Service Providers to SLAs
Improve Network Latency and Hold Service Providers to SLAsCA Technologies
 
Demo intelligent user experience with oracle mobility for publishing
Demo intelligent user experience with oracle mobility for publishingDemo intelligent user experience with oracle mobility for publishing
Demo intelligent user experience with oracle mobility for publishingVasily Demin
 
Seun_slides_icann day
Seun_slides_icann daySeun_slides_icann day
Seun_slides_icann dayAFRINIC
 

Similar a RPKI Service Updates by Brenda Buwu (20)

MyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalidsMyNOG 10: Cleaning up your RPKI invalids
MyNOG 10: Cleaning up your RPKI invalids
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRT
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKI
 
Cleaning up your RPKI invalids
Cleaning up your RPKI invalidsCleaning up your RPKI invalids
Cleaning up your RPKI invalids
 
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRTMMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
MMIX Peering Forum and MMNOG 2020: Securing your resources with RPKI and IRT
 
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...
Case Study: Appriss Supercharges ITSM Efficiency With Process Automation to...
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying it
 
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...
Tech Talk: Leverage the combined power of CA Unified Infrastructure Managemen...
 
APNIC Member Gathering: Myanmar
APNIC Member Gathering: MyanmarAPNIC Member Gathering: Myanmar
APNIC Member Gathering: Myanmar
 
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn Red
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn RedCase Study: Verizon Wireless: Chasing the Yellow Before They Turn Red
Case Study: Verizon Wireless: Chasing the Yellow Before They Turn Red
 
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...
Hands-On Labs: Identifying Application Delivery Performance Problems with CA ...
 
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
 
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
 
CisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area NetworksCisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area Networks
 
Real World Problem Solving Using Application Performance Management 10
Real World Problem Solving Using Application Performance Management 10Real World Problem Solving Using Application Performance Management 10
Real World Problem Solving Using Application Performance Management 10
 
Improve Network Latency and Hold Service Providers to SLAs
Improve Network Latency and Hold Service Providers to SLAsImprove Network Latency and Hold Service Providers to SLAs
Improve Network Latency and Hold Service Providers to SLAs
 
Vision one-customer
Vision one-customerVision one-customer
Vision one-customer
 
Demo intelligent user experience with oracle mobility for publishing
Demo intelligent user experience with oracle mobility for publishingDemo intelligent user experience with oracle mobility for publishing
Demo intelligent user experience with oracle mobility for publishing
 
Seun_slides_icann day
Seun_slides_icann daySeun_slides_icann day
Seun_slides_icann day
 

Más de MyNOG

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10MyNOG
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023MyNOG
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksMyNOG
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXMyNOG
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in KubernetesMyNOG
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKIMyNOG
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmMyNOG
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEMyNOG
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...MyNOG
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...MyNOG
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...MyNOG
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyNOG
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...MyNOG
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearMyNOG
 
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...MyNOG
 

Más de MyNOG (20)

Peering Personal MyNOG-10
Peering Personal MyNOG-10Peering Personal MyNOG-10
Peering Personal MyNOG-10
 
Embedded CDNs in 2023
Embedded CDNs in 2023Embedded CDNs in 2023
Embedded CDNs in 2023
 
Edge virtualisation for Carrier Networks
Edge virtualisation for Carrier NetworksEdge virtualisation for Carrier Networks
Edge virtualisation for Carrier Networks
 
Equinix: New Markets, New Frontiers
Equinix: New Markets, New FrontiersEquinix: New Markets, New Frontiers
Equinix: New Markets, New Frontiers
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native Infrastructure
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network Controller
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
 
Introducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIXIntroducing Peering LAN 2.0 at DE-CIX
Introducing Peering LAN 2.0 at DE-CIX
 
Load balancing and Service in Kubernetes
Load balancing and Service in KubernetesLoad balancing and Service in Kubernetes
Load balancing and Service in Kubernetes
 
Cloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKICloud SDN: BGP Peering and RPKI
Cloud SDN: BGP Peering and RPKI
 
SDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable ParadigmSDM – A New (Subsea) Cable Paradigm
SDM – A New (Subsea) Cable Paradigm
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDEAI in Networking: Transforming Network Operations with Juniper Mist AIDE
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
 
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
Malaysia Data Center Landscape, Where is the next hotspot to place your fiber...
 
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
 
Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...Keep Ukraine Connected: A project from the community – for the community by R...
Keep Ukraine Connected: A project from the community – for the community by R...
 
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
Solving Civilization’s Long Term Communication Needs by Dinesh Kummaran, Tran...
 
MyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIXMyIX Updates by Raja Mohan Marappan, MyIX
MyIX Updates by Raja Mohan Marappan, MyIX
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Quick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, OpengearQuick wins in the NetOps Journey by Vincent Boon, Opengear
Quick wins in the NetOps Journey by Vincent Boon, Opengear
 
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
Data Centre Interconnect (DCI) with X86’s DCI Solution by Raja Akmal, X86 Net...
 

Último

➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...amitlee9823
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...amitlee9823
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...amitlee9823
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsJoseMangaJr1
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKDATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKTimothy Spann
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...amitlee9823
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachBoston Institute of Analytics
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramMoniSankarHazra
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 

Último (20)

➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKDATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics Program
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 

RPKI Service Updates by Brenda Buwu

  • 1. MyNOG 2017 APNIC RPKI Service Update Brenda Buwu, Network Engineer brenda@apnic.net
  • 2. RPKI in Malaysia at a glance 2 ASN IPv4 holders IPv6 holders Delegated 199 227 154 Active in RPKI 11 12 5 •  Low levels of participation — <10% in all categories •  This is mostly a ‘one click’ activity in MyAPNIC, so easy to engage! •  Percentage coverage of active BGP by address range high: 100% in IPv6, >75% in IPv4 •  Please log in to your MyAPNIC account and enable RPKI It’s your address and routing plan: protect it!
  • 3. What does the current APNIC RPKI look like? 3 APNIC from IANA TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA
  • 4. APNIC is altering its RPKI TA model •  PKI depends on a Trust Anchor (TA) model –  Validation of all signed objects is under a given TA –  The TA is external, supplied; foundation of the trust system •  The current APNIC RPKI depends on five TAs –  Pre-emptively architected to align with real-world and future unified global RPKI model –  BUT, unification has not emerged; instead complex divergent set of TAs across the five RIRs –  All RIRs’ TAs converging into a single, consistent TA model – each RIR can certify any resource 4
  • 5. Why is this happening? •  Increase RIR consistency by aligning on TA approach –  We will now operate a mutually consistent model •  Reduce invalidity risks: –  Internet transfers (inter and intra) are frequent — resources are coming into or leaving any given RIR each month –  Necessitates changes in the TA to reflect these shrinkages and growth events –  Each transaction is a risk window for a process failure –  TA work is now far less frequent; no changes as resources move between RIRs, or are assigned by IANA 5
  • 6. How can transfers affect validity? •  Transfer occurs, but operator errors/bugs leaves TA unpublished •  Online CA over-claims: invalid •  All Member CAs become invalid, not just those receiving transferred resources 6 APNIC TA APNIC from RIR CA Mem. CA ✔ Mem. CA Mem. CA ✘ Mem. CA ✘ ✘ ✘ ✘
  • 7. How can this problem be resolved? •  Draft IETF document (draft-ietf-sidr-rpki-validation- reconsidered) allowing an over-claiming certificate to be considered valid for those resources that are covered by its issuer •  But still some time before the document is finalized, and longer still until relying party software is upgraded and deployed 7
  • 8. Failure in RPKI has wide consequences •  Operational failure high in the tree is catastrophic –  All resources under that arc of a tree (for a TA, all resources!) are invalid •  Each transaction is a risk window for a process failure –  All failures in the APNIC TA risks invalidating all products across the Asia Pacific –  APNIC felt this risk was unacceptable •  APNIC has decided to re-architect to a model that removes this risk, and also removes operational complexity under transfers •  Reunify under one TA — make that TA ‘all resources’ 8
  • 9. How does the transition happen? (1) 9 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA - APNIC TA expanded to cover 0/0, ::/0, AS1-4294967295
  • 10. How does the transition happen? (2) 10 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - APNIC TA issues new intermediate online certificate - Intermediate certificate also covers 0/0, ::/0, AS1-4294967295
  • 11. How does the transition happen? (3) 11 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - One existing online certificate is re-signed by the intermediate
  • 12. How does the transition happen? (4) 12 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - Remaining online certificates are re-signed by the intermediate
  • 13. How does the transition happen? (5) 13 APNIC TA APNIC from RIPE TA APNIC from ARIN TA APNIC from AFRINIC TA APNIC from LACNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA - Unused TAs are withdrawn from publication
  • 14. What is the state after the transition? 14 APNIC TA APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA Member CAs Member CAs Member CAs Member CAs Member CAs APNIC from IANA CA APNIC from AFRINIC CA APNIC from ARIN CA APNIC from RIPE CA APNIC from LACNIC CA APNIC from IANA CA APNIC from RIPE CA APNIC from ARIN CA APNIC from AFRINIC CA APNIC from LACNIC CA APNIC Intermed. CA LACNIC TA RIPE TAARIN TAAFRINIC TA - All RIRs look the same … … … …
  • 15. How does the transition help this? •  If the TA claims all resources, it’s impossible for the online CA to over- claim •  Mass invalidity due to over-claiming can’t occur 15 APNIC TA (0/0, ::/0, AS1-4294967295) APNIC from RIR CA Mem. CA ✔ ✔ Mem. CA Mem. CA ✔ ✔✔ always
  • 16. How can TA work affect validity? •  APNIC’s TAs are backed by a Hardware Security Module (HSM), as are those of the other RIRs •  A great deal of care must be exercised when using an HSM –  For example, devices may have policies such that a certain number of failed authentication attempts leads to irreversible key destruction •  The more TA work that is happening, the greater the risk 16
  • 17. How does the transition help this? •  By having the TA be responsible for all resources, the need to do TA work is limited to scheduled and well-understood events: –  Manifest/CRL reissuance –  TA reissuance 17
  • 18. What do I need to do? •  If you only issue ROAs: –  No change required •  If you run relying party software: –  Once APNIC has announced the successful transition, remove the unused TAs from configuration and cache –  However, leaving them in place will not affect validity outcomes 18
  • 19. When will this happen? •  Previously planned for September •  Some problems that were found during the testbed transition meant that deployment has been delayed so that further testing can occur •  Update to the new single-TA model is expected to be completed by the end of October •  The four unused TAs will be withdrawn in 2018 https://www.apnic.net/single-ta-transition 19