Upload File

rpki deployment panel

19
Copyright © 2015 Japan Network Information Center RPKI deployment panel

Upload: apnic

Post on 13-Aug-2015

119 views

Category:

Internet


0 download

Report

Tags:

TRANSCRIPT

Page 1: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

RPKI deployment panel

Page 2: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

People

• Geoff Huston (chair)

• Fakrul Alam, bdHUB• A week with analysing RPKI status

• Tomoya Yoshida, Internet Multifeed• Deployment factors and current status

• Yoshinobu Matsuzaki, Internet Initiative Japan• RPKI deployment at ISP

• Taiji Kimura, Japan Network Information Center• About JPNIC’s RPKI

1

Page 3: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

RPKI Deployment Panel

• Purpose

• Gathering experienced operators voice

• Discuss further RPKI deployment for useful mechanism

2

Page 4: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Discussions

Page 5: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Deployment model

Public cache server

/

local cache server

4

Page 6: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Deployment model

RPKI in IXP

and

Route reflector

5

Page 7: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Deployment model

RPKI and IRR

6

Page 8: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

HOWTO

Configuring RPKI cache

and

Building own RPKI CA

7

Page 9: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

What do you do when…

Page 10: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

(Customer AS)

• Customer claims their prefix has been announced from other AS!

9

Page 11: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

(Own prefix)

• You found your prefix has no reachability from other region.What do you do?

10

Page 12: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

(Customer AS)

• Customer claims their prefix has been announced from other AS!What do you do?

11

Page 13: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

(DDoS mitigation)

• DDoS packets are coming!You found if other AS announces specific announce.

12

Page 14: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

JPNIC’s RPKI

Taiji Kimura

Page 15: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Issues on RPKI deployment in Japan

• Deployment for operators• How RPKI is use for people - BGP operators

• Language

14

Page 16: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Developing items and technical specifications

• Internationalization

• Database

• Authentication

• Redundancy and easy maintenance

• Server security

• Key management and PKI operation

15

Page 17: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Internationalization

16

Page 18: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

Further step

• Multi-language support

• Feedbacks for developer

17

Page 19: RPKI Deployment Panel

Copyright © 2015 Japan Network Information Center

It is time to release.

RPKI pilot service


Adventures in RPKI (non) deployment

ION San Diego - DNSSEC Deployment Panel Introductory Slides

Federal IPv6 Panel: Deployment Activities, Success Stories ... · Federal IPv6 Panel: Deployment Activities, Success Stories, and World IPv6 Day Experiences 2011 DREN Conference Moderator:

Secure and Scalable Deployment of Resource Public Key ...isyou.info/jisis/vol8/no1/jisis-2018-vol8-no1-03.pdfSecure and Scalable Deployment of Resource Public Key Infrastructure (RPKI)

Introduction to RPKI - MyNOG

RPKI is Coming of Age - Akamai€¦ · RPKI is Coming of Age A Longitudinal Study of RPKI Deployment and Invalid Route Origins Taejoong Chung Rochester Institute of Technology Emile

LAB: RPKI - BKNIX

RPKI Certification Tutorial

Are$We$There$Yet?$ On$RPKI$Deployment$and$Security$ · 2018-07-27 · TheResourcePublicKeyInfrastructure The$Resource$Public$Key$Infrastructure$(RPKI)$maps$IP$ preBixes$to$organizations$that$own$them[RFC$6480]$

UpDown RPKI LACNIC

Let’s adopt RPKI

IPv6 Campus Deployment Panel

IPv6 Deployment Panel

Resource Certification (RPKI)

Limiting the Power of RPKI Authorities · RPKI is a prerequisite for BGPSec [RFC 8205] that provides path validation. 3/19. Delegated and Hosted RPKI Delegated RPKI ... Trust Anchor

RPKI - UKNOF

RPKI with rpki.net Tools

RPKI is Coming of Age - acm sigcomm · 2019-11-11 · RPKI is Coming of Age A Longitudinal Study of RPKI Deployment and Invalid Route Origins Taejoong (Tijay) Chung§, Emile Aben†,

RPKI Tutorial(PDF)

Are We There Yet? On RPKI’s Deployment and Security · The Resource Public Key Infrastructure (RPKI) [38] is a hierarchical certi cation system. RPKI stores Route Ori-gin Authorizations

Internet Resource Certification (RPKI)slides.lacnic.net/wp-content/themes/slides/docs/...RPKI cer;ficates and rou;ng informaon objects: – The cryptographic validity of the RPKI

DISCO: Sidestepping RPKI’s Deployment Barriersebk2141/papers/disco-ndss20.pdf · Resource Public Key Infrastructure (RPKI), which binds IP address blocks to “owner” ASes via

IPv6, DNSSEC, RPKI, etc.: What s the Holdup and … · IPv6, DNSSEC, RPKI, etc.: What’s the Holdup and How Can We Help? ... • Why IPv6 matters • New ISOC deployment initiative

Are We There Yet? On RPKI Deployment and Security · 2019-01-22 · The Resource Public Key Infrastructure The Resource Public Key Infrastructure (RPKI) maps IP preBixes to organizations

RPKI Engineering Update

RPKI Deployment Status in Bangladesh

Are We There Yet? On RPKI Deployment and Security

RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin … · 2013-08-21 · started with the deployment of the Resource Public Key Infrastructure (RPKI). It allows for

The RPKI Documentation

BGP Resource Public Key Infrastructure (RPKI) … Resource Public Key Infrastructure (RPKI) Origin Validation . ... Overview of RPKI ... Figure 5 shows the high-level network diagram

Deployment of a Rigid Panel by Tape-Springssslab/PUBLICATIONS/Deployment of a rigid panel by... · v Principal Nomenclature ˙,¨ first and second time derivatives, respectively

What’s Next: DNSSEC & RPKI

RPKI PRÁCTICO - LACNIC

RPKI Tutorial

Deployment factors and Current status - APNIC · 2018. 1. 23. · RPKI deployment factors 17 RPKI service Operational practice Routers implementation variety of tools Motivation