RPKI Deployment on VyOS

Thumbnail for post.

Overview

Global Internet infrastructure is vulnerable as its core routing protocol (BGP) has been suffering from prefix hijack, route leaks and bad filtering. Our Internet has experienced many outages due to BGP routing incidents. RPKI can help reduce the impact of those BGP incidents significantly. This webinar would cover the basics of RPKI and how we can deploy RPKI Route Origin Validation on VyOS platform.

Course Outline

In this course, we will cover:

  • RPKI fundamentals
  • RPKI Route Origin Authorisation
  • RPKI Route Origin Validation on VyOS

Course Material

Aris Cahyadi Risdianto

Thumbnail for post.

Aris is a former systems and network professional in the telecommunications field who has been involved in designing, implementing, migrating, and maintaining IP-based networks for enterprises and service providers. He is experienced in working with system/network vendors and mobile/cable-based telecommunications operators. He has been serving as an ambassador for the Open Networking Foundation (ONF) since 2018 and was a part of the ambassadors’ steering committee team in 2019 and 2023. Currently, he is actively working on building software-based solutions and testing environments for Future Internet, Cloud Computing, and Cyber Security.

Aris shares his knowledge as a volunteer community trainer.

Md Abdullah Al Naser

Thumbnail for post.

Naser is a professional IP network enthusiast with extensive experience working in large ISPs, telecoms, and enterprise network infrastructures. He specializes in planning and designing complex network solutions for both service providers and corporate networks, with expertise in advanced routing protocols such as OSPF, IS-IS, and BGP, as well as IPv6 and MPLS. Alongside his profession, Naser is also involved in technical writing and providing technical training within his capacity.

Rahul Makhija

Thumbnail for post.

Rahul Makhija is a seasoned IP network professional. He has been in the ISP industry since 2007.  He is a BGP enthusiast and an IPv6 evangelist. Rahul is currently the CTO at Esto Group of Companies (AS135817). He actively participates in various community engagements. Rahul has been contributing to various program committees such as INNOG, SANOG and APNIC conferences. Over the years, he has mentored many network engineers, helping them gain new skill sets and adopt industry’s best practices.

 Rahul shares his knowledge and experience as a volunteer community trainer for APNIC.

Vasira Mysavath

Thumbnail for post.

Vasira is currently the Head of the Network and Integration System division of the Ministry of Technology and Communication in Laos. He has more than 10 years of experience working in the management, planning and implementation, security and integration system for the government network. He has completed a Master’s degree in Network Systems from Swinburne University of Technology.

Vasira shares his knowledge as a retained community trainer for APNIC.

RPKI Deployment Status: 2022 in Review

Thumbnail for post.

The course will look at the status of the RPKI deployment and ROA adoption in the Asia-Pacific region and the changes around it since last year. It will cover the RPKI framework in general and how it helps secure the global Internet routing infrastructure.

Course outline

This course will cover the following topics:

  • Overview of routing incidents and RPKI at-a-glance
  • Cover Global and APAC stats and BGP path validation
  • RPKI at APNIC

Course Materials

How to set up Router/OS 7 and ROV

Thumbnail for post.

Overview

RPKI uptake can be hindered by vendor support or the ageing infrastructure of a service provider lacking support for the basic processes of ROV. In version six of Mikrotik’s Router/OS there is no current support for RPKI. However in version seven, there is now full support for RPKI including scripted responses to ROV validation results.

In this course, we look at the new features available on Router/OS 7 that impact RPKI on the MIKROTIK platform. This includes new routing filter rule syntax and making a simple TCP connection to an RPKI server running Routinator.  The demonstration uses a pair of CHR instances with a single BGP session exchange of valid and invalid ROAs.

Outline

This course will cover the following topics:

  • RPKI/ROA/ROV overview
  • Mikrotik Router/OS v7 what’s new and different
  • Routinator/Router/OS v7 demo

Course Materials

Historical Resource Management and the Benefits of RPKI

Thumbnail for post.

Overview

From 1 January 2023 Historical Resources in the APNIC region need to be managed under a Member or Non-Member account to continue to receive registry services from APNIC. This is a result APNIC Executive Council (EC) directive made on 22 February 2021 during APNIC 51.

One of the registry services that historical resource account holders will have access to is RPKI (Resource Public Key Infrastructure). This course will cover the improvements and benefits of RPKI, and the impact this will have on the network operations industry.

Course outline

  • Background on historical resources
  • Executive Council resolutions and it’s impact on historical resource holders
  • What is RPKI?
  • RPKI improvements being made and how it benefits the network operations industry
  • Next steps historical resource holders need to take to continue to receive registry services
  • Q&A

Course Materials

Ulsbold Enkhtaivan

Thumbnail for post.

Ulsbold has 12 year experience in the ISP and Telecom industry, currently a senior network engineer at Mobicom corporation in Mongolia. He is responsible for IP Transit/Core, domestic MPLS and Enterprise network in Mobicom corporation. His expertise includes routing & switching, IPv6 dual stack, MPLS.

Ulsbold is Program committee member of mnNOG.

Liezel Manangan

Thumbnail for post.

Liezel has been working in the field of telecommunications since 2008 and is currently a network engineer at SKY Cable Corporation, an ISP in the Philippines. She leads the IP Core Network under Engineering Division, handling the core and gateway routing infrastructure, peering and interconnection. Liezel is also a volunteer in PhNOG. 

She finished her degree in Electronics and Commuications Engineering in Polytechnic University of the Philippines.

Liezel shares her knowledge as a retained community trainer.