How to set up Router/OS 7 and ROV

Thumbnail for post.

Overview

RPKI uptake can be hindered by vendor support or the ageing infrastructure of a service provider lacking support for the basic processes of ROV. In version six of Mikrotik’s Router/OS there is no current support for RPKI. However in version seven, there is now full support for RPKI including scripted responses to ROV validation results.

In this course, we look at the new features available on Router/OS 7 that impact RPKI on the MIKROTIK platform. This includes new routing filter rule syntax and making a simple TCP connection to an RPKI server running Routinator.  The demonstration uses a pair of CHR instances with a single BGP session exchange of valid and invalid ROAs.

Outline

This course will cover the following topics:

  • RPKI/ROA/ROV overview
  • Mikrotik Router/OS v7 what’s new and different
  • Routinator/Router/OS v7 demo

Course Materials

Hosted vs. Delegated RPKI

Thumbnail for post.

So you’ve decided that it’s time to go beyond creating ROAs and you want to deploy RPKI on your network. In the course you will learn more about the differences between hosted RPKI and delegated RPKI and their use cases.

We will discuss different scenarios in which delegated RPKI could be useful, for example, large enterprises, NRENs and organisations that have gone through mergers and acquisitions. With delegated RPKI, you can run your own RPKI Certification Authority, manage your ROAs and publish them in your own repository. It also allows you to further delegate Certification Authorities.

Outline

This course will cover the following topics:

  • An overview of the differences between Hosted and Delegated RPKI;
  • Why Delegated RPKI might be a good option for your organisation;
  • An overview of the features available with Delegated RPKI;
  • Publishing ROAs with APNIC or publishing yourself;
  • System, uptime and failover requirements.

Course Materials