rpki
play

RPKI A quick configuration intro Massimiliano Stucchi | 19th - PowerPoint PPT Presentation

Feb 19, 2024 •389 likes •562 views

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI Overview Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 2 Simply put 3 parts - Create certificates - Install/run validator -

  1. RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33

  2. RPKI Overview Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 2

  3. Simply put • 3 parts - Create certificates - Install/run validator - Validate certificates (router configuration) Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 3

  4. RPKI Overview 1 2 3 Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 4

  5. 1. Creating ROAs Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 5

  6. 2. Validator • Download from RIPE NCC - https://www.ripe.net/manage-ips-and-asns/resource- management/certification/tools-and-resources • Requires Java, rsync • Runs standalone • ./rpki-validator.sh start Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 6

  7. 3. Validate prefixes • Take routing decisions based on results of validation - Valid - Invalid - Unknown Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 7

  8. Support in Routers • Cisco : - XR 4.2.1 (CRS-x, ASR9000, c12K) / XR 5.1.1 (NCS6000, XRv) - XE 3.5 (C7200, c7600, ASR1K, CSR1Kv, ASR9k, ME3600…) - IOS15.2(1)S • Juniper has support since version 12.2 • Alcatel Lucent has support since SR-OS 12.0 R4 • Quagga has support through BGP-SRX • BIRD has support for ROA but does not do RPKI-RTR Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 8

  9. Cisco config - 1 route-map rpki-loc-pref permit 10 match rpki invalid set local-preference 90 ! route-map rpki-loc-pref permit 20 match rpki not-found set local-preference 100 ! route-map rpki-loc-pref permit 30 match rpki valid set local-preference 110 Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 9

  10. Cisco config - 2 router bgp 64500 bgp log-neighbor-changes bgp rpki server tcp 10.1.1.6 port 8282 refresh 5 network 192.0.2.0 neighbor 10.1.1.2 remote-as 64510 neighbor 10.1.1.2 route-map rpki-loc-pref in Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 10

  11. Juniper config - 1 policy-options { policy-statement validation { term valid { from { protocol bgp; validation-database valid; } then { validation-state valid; community add origin-validation-state-valid; next policy; } } } } Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 11

  12. Juniper config - 2 policy-options { policy-statement validation { term invalid { from { protocol bgp; validation-database invalid; } then { validation-state invalid; community add origin-validation-state-invalid; next policy; } } } } } Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 12

  13. Juniper config - 3 policy-options { policy-statement validation { term unknown { from protocol bgp; then { validation-state unknown; community add origin-validation-state- unknown; next policy; } } } } Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 13

  14. Juniper config - 4 protocols { bgp { group mypeers { import route-validation; peer-as 200; neighbor 10.1.1.2; } } } Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 14

  15. Routing Incidents • Misconfiguration - No malicious intentions - Software bugs • Malicious - Competition - Claiming “unused” space • Targeted Traffic Misdirection - Collect and/or tamper with data Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 15

  16. BGPsec • Still in draft state • Secures route propagation by using signatures in AS-Path Massimiliano Stucchi - RIPE NCC | 19 January 2016 | UKNOF 33 16

  17. Questions mstucchi@ripe.net @TrainingRIPENCC https://ripe.net/certification

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay) Chung (https://tijay.github.io) Assistant Professor Rochester Institute of Technology 1 Outlines RPKI deployment and invalid route origins

583 views • 43 slides
Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing RPKI Statistics challenges IRR Status Do we have a Research solution? Opportunities Using ARINs RPKI components @

889 views • 51 slides
Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13 RPKI Tools The authors believe the information already contained in the RPKI has value in itself, even for operators not

305 views • 11 slides
AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

SECURING THE INTERNET VALIDATING ROUTING WITH RPKI AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot 2020 RPKI Feb 20 ABOUT REANNZ New Zealands NREN Engineering team of 7

662 views • 54 slides
From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny Cooper Leonid Reyzin Sharon Goldberg Boston University Aug 2014 Overview Motivation: The RPKI* (2011 to present) secures interdomain routing,

660 views • 27 slides
Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania December 10, 2019 Research supported by NSF EAGER Award #1748362 Global RPKI Deployment ASes Validating Routes 5%, 5 3%, 3 9%, 8 12%, 11 71%, 65

216 views • 8 slides
RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing Security 2 Routing Registry route objects RPKI (Resource Public Key Infrastructure) ROAs (Route Origin Authorisation) RPKI and Routing

422 views • 31 slides
Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Applied Networking Research Workshop 2020 acm sigcomm Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer SIT Motivation - Resource Public Key Infrastructure (RPKI) secures the interdomain routing

586 views • 39 slides
Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0 Project: New RPKI system DNSSEC v2.0 Project: New DNSSEC signer IETF activities: Identity and join key WGs and RGs African Internet Resources

308 views • 13 slides
A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Validator http://rpki.net/ A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts Connection Counts Objects/Connection Seconds/Object Rob Austein

663 views • 32 slides
Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. IETF 89 LONDRES MARCH 2014 Fabin Meja Why and who? BGP origin validation based on RPKI is in early stages of deployment. It is necessary to

314 views • 13 slides
MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University Outline Background How does BGP work? How does RPKI work? What is the maxLength? How maxLength causes problems

741 views • 34 slides
Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston ) Key Rollover Document New doc: draC-huston-sidr-aao-profile-0-

494 views • 14 slides
Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of Connec2cut, Bar Ilan Univ, Fraunhofer SIT Joint project with Tomas Hlavacek, Yafim Kazak, Rafi Peretz, Fabian Sauer and Haya Shulman Route-Hijacking:

687 views • 36 slides
BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

Advanced Network Security BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec Startng (almost) from scratch 2 Autonomous systems (AS) Internet is divided into Autonomous Systems (AS) Controlled by

815 views • 39 slides
The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1

The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1

The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1 Motivation Why is this research important? 2 Motivation BGP is old First RFC was published in 1989 (RFC 1105) BGP was developed in times

457 views • 28 slides
SI425 : NLP Set 5 Nave Bayes Classification Motivation We want to predict something .

SI425 : NLP Set 5 Nave Bayes Classification Motivation We want to predict something .

SI425 : NLP Set 5 Nave Bayes Classification Motivation We want to predict something . We have some text related to this something. something = target label Y text = text features X Given X, what is the most probable Y?

1.25k views • 15 slides
Class 2 Topics Stages & Phases of Labor 2nd Stage Labor/Pushing Labor positions

Class 2 Topics Stages & Phases of Labor 2nd Stage Labor/Pushing Labor positions

5/15/2020 Welcome! Childbirth Preparation 4 Week Series Week 2 Class 2 Topics Stages & Phases of Labor 2nd Stage Labor/Pushing Labor positions Birth Video Coping Skills Your Hospital Stay Arrival at Hospital o

549 views • 11 slides
How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER BEFORE LOOK HERE IF Basics YOU DONT KNOW WHAT MINESWEEPER IS Minesweeper Board! Rectangular! Cells! Cells can be clear or mines 1 2 1

841 views • 58 slides
NDN protocol development: status of reference implementa5ons,

NDN protocol development: status of reference implementa5ons,

NDN protocol development: status of reference implementa5ons, suppor5ng so8ware releases, open architecture research issues Alex Afanasyev University of California,

202 views • 18 slides
Game Theory - Lecture #12 Outline: Randomized actions vNM & Bernoulli payoff functions

Game Theory - Lecture #12 Outline: Randomized actions vNM & Bernoulli payoff functions

Game Theory - Lecture #12 Outline: Randomized actions vNM & Bernoulli payoff functions Mixed strategies & Nash equilibrium Hawk/Dove & Mixed strategies Randomized action profiles Original strategic setup: Set of

361 views • 10 slides
CS344M Autonomous Multiagent Systems Todd Hester Department of Computer Science The University

CS344M Autonomous Multiagent Systems Todd Hester Department of Computer Science The University

CS344M Autonomous Multiagent Systems Todd Hester Department of Computer Science The University of Texas at Austin Good Afternoon, Colleagues Are there any questions? Todd Hester Logistics Next weeks readings up Todd Hester Logistics

995 views • 56 slides
Light pseudoscalar mesons in 2 + 1 flavor QCD Laurent Lellouch with S. Drr, Z. Fodor, C.

Light pseudoscalar mesons in 2 + 1 flavor QCD Laurent Lellouch with S. Drr, Z. Fodor, C.

Light pseudoscalar mesons in 2 + 1 flavor QCD Laurent Lellouch with S. Drr, Z. Fodor, C. Hoelbling, S. Katz, S. Krieg, T. Kurth, T. Lippert, K. Szabo, G. Vulvert arXiv:0710.4769 [hep-lat], arXiv:0710.4866 [hep-lat] CPT, Marseille All

450 views • 17 slides
A little bit more about ergodicity Jana Rodriguez Hertz ICTP 2018 counting fish mixing

A little bit more about ergodicity Jana Rodriguez Hertz ICTP 2018 counting fish mixing

counting fish mixing properties A little bit more about ergodicity Jana Rodriguez Hertz ICTP 2018 counting fish mixing properties mark and recapture method mark and recapture method mark and recapture counting fish mixing properties

1.46k views • 115 slides

More recommend