フィードバックStrengthen your Network Security with APNIC Products and Tools
Overview
Course Overview
This webinar introduces participants to APNIC products, tools, and routing security services, with a focus on strengthening the security and visibility of Internet routing. The session provides a guided, practical overview of current routing security mechanisms including IRR route objects, AS‑SETs, and RPKI ROAs, as well as an introduction to upcoming improvements such as RPKI ASPAs.
Participants will also learn how to use APNIC DASH to visualise the status of their BGP routing, identify misconfigurations or security risks, receive alerts about suspicious activity, and assess their network’s alignment with Internet security best practices.
This session is designed to help operators better understand the tools available to them and apply routing security techniques directly within their own networks.
Course Outline
This course will cover the following topics:
- Introduction to APNIC products and tools
- Routing Security – Current and future mechanisms
- Learn how to use APNIC DASH
Course Materials
Lakht E Hassnain
Lakht E Hassnain is a seasoned network and security professional with over 15 years of experience in ISP and telecom environments. Specializing in IP routing, BGP, RPKI, DNS, IPv6, DNSSEC, IX operations, and CDN deployment, Lakht currently oversees the internet gateway infrastructure and IP resources for a major mobile operator in Pakistan. As an active member of the Internet Society Pakistan, Lakht is passionate about sharing knowledge and building technical capacity within the community.
Lakht volunteers as a community trainer and shares his knowledge.
Fernanda Adhipramana
Fernanda is a network engineer with extensive experience in designing, implementing, and managing network infrastructures across enterprise WANs, service providers, and data center networks. He has a deep understanding of a wide range of networking technologies, including IGP (OSPF, IS-IS, RIP), BGP, MPLS, and VXLAN.
In addition to his technical background, Fernanda is also an experienced trainer with over 100 hours of teaching, and hundreds of students from various companies and academic institutions.
Fernanda volunteers as a community trainer and shares his knowledge.
RPKI Deployment on VyOS
Overview
Course Overview
Global Internet infrastructure is vulnerable as its core routing protocol (BGP) has been suffering from prefix hijack, route leaks and bad filtering. Our Internet has experienced many outages due to BGP routing incidents. RPKI can help reduce the impact of those BGP incidents significantly. This course covers the basics of RPKI and how we can deploy RPKI Route Origin Validation on VyOS platform.
Course Outline
In this course, we will cover:
- RPKI fundamentals
- RPKI Route Origin Authorisation
- RPKI Route Origin Validation on VyOS
Course Materials
Aris Cahyadi Risdianto
Aris is a former systems and network professional in the telecommunications field who has been involved in designing, implementing, migrating, and maintaining IP-based networks for enterprises and service providers. He is experienced in working with system/network vendors and mobile/cable-based telecommunications operators. He has been serving as an ambassador for the Open Networking Foundation (ONF) since 2018 and was a part of the ambassadors’ steering committee team in 2019 and 2023. Currently, he is actively working on building software-based solutions and testing environments for Future Internet, Cloud Computing, and Cyber Security.
Aris shares his knowledge as a volunteer community trainer.
Md Abdullah Al Naser
Naser is a professional IP network enthusiast with extensive experience working in large ISPs, telecoms, and enterprise network infrastructures. He specializes in planning and designing complex network solutions for both service providers and corporate networks, with expertise in advanced routing protocols such as OSPF, IS-IS, and BGP, as well as IPv6 and MPLS. Alongside his profession, Naser is also involved in technical writing and providing technical training within his capacity.
Rahul Makhija
Rahul Makhija is a seasoned IP network professional. He has been in the ISP industry since 2007. He is a BGP enthusiast and an IPv6 evangelist. Rahul is currently the CTO at Esto Group of Companies (AS135817). He actively participates in various community engagements. Rahul has been contributing to various program committees such as INNOG, SANOG and APNIC conferences. Over the years, he has mentored many network engineers, helping them gain new skill sets and adopt industry’s best practices.
Rahul shares his knowledge and experience as a volunteer community trainer for APNIC.
Vasira Mysavath
Vasira is currently the Head of the Network and Integration System division of the Ministry of Technology and Communication in Laos. He has more than 10 years of experience working in the management, planning and implementation, security and integration system for the government network. He has completed a Master’s degree in Network Systems from Swinburne University of Technology.
Vasira shares his knowledge as a community trainer for APNIC.
RPKI Deployment Status: 2022 in Review
Course Overview
The course will look at the status of the RPKI deployment and ROA adoption in the Asia-Pacific region and the changes around it since last year. It will cover the RPKI framework in general and how it helps secure the global Internet routing infrastructure.
Course Outline
This course will cover the following topics:
- Overview of routing incidents and RPKI at-a-glance
- Cover Global and APAC stats and BGP path validation
- RPKI at APNIC
Course Materials
How to set up Router/OS 7 and ROV
Overview
Course Overview
RPKI uptake can be hindered by vendor support or the ageing infrastructure of a service provider lacking support for the basic processes of ROV. In version six of Mikrotik’s Router/OS there is no current support for RPKI. However in version seven, there is now full support for RPKI including scripted responses to ROV validation results.
In this course, we look at the new features available on Router/OS 7 that impact RPKI on the MIKROTIK platform. This includes new routing filter rule syntax and making a simple TCP connection to an RPKI server running Routinator. The demonstration uses a pair of CHR instances with a single BGP session exchange of valid and invalid ROAs.
Course Outline
This course will cover the following topics:
- RPKI/ROA/ROV overview
- Mikrotik Router/OS v7 what’s new and different
- Routinator/Router/OS v7 demo