How to set up Router/OS 7 and ROV

Overview

RPKI uptake can be hindered by limited vendor support or by a service provider's ageing infrastructure lacking support for the basic processes of ROV. Version six of Mikrotik’s Router/OS has no support for RPKI. Version seven, however, has full support for RPKI, including scripted responses to ROV validation results.

In this course, we look at the new features available on Router/OS 7 that impact RPKI on the Mikrotik platform. This includes the new routing filter rule syntax and making a simple TCP connection to an RPKI server running Routinator. The demonstration uses a pair of CHR instances with a single BGP session exchanging valid and invalid ROAs.

Outline

This course will cover the following topics:

  • RPKI/ROA/ROV overview
  • Mikrotik Router/OS v7: what’s new and different
  • Routinator/Router/OS v7 demo

Course Materials

Historical Resource Management and the Benefits of RPKI

Overview

From 1 January 2023, Historical Resources in the APNIC region need to be managed under a Member or Non-Member account to continue to receive registry services from APNIC. This is the result of an APNIC Executive Council (EC) directive made on 22 February 2021 during APNIC 51.

One of the registry services that historical resource account holders will have access to is RPKI (Resource Public Key Infrastructure). This course will cover the improvements and benefits of RPKI, and the impact this will have on the network operations industry.

Course outline

  • Background on historical resources
  • Executive Council resolutions and their impact on historical resource holders
  • What is RPKI?
  • RPKI improvements being made and how it benefits the network operations industry
  • Next steps historical resource holders need to take to continue to receive registry services
  • Q&A

Course Materials

Ulsbold Enkhtaivan

Ulsbold has 12 years of experience in the ISP and telecom industry and is currently a senior network engineer at Mobicom Corporation in Mongolia. He is responsible for the IP Transit/Core, domestic MPLS and Enterprise networks at Mobicom Corporation. His expertise includes routing and switching, IPv6 dual stack, and MPLS.

Ulsbold is a Program Committee member of mnNOG.

RPKI: 2021 in review

Overview

A retrospective look at RPKI.

What happened, what changed and what we learned throughout 2021.

Outline

This course will cover the following topics:

  • Quick overview of incidents this year
  • Quick overview of the framework
  • RPKI by the numbers
  • What have we learned this year

Hosted vs. Delegated RPKI

So you’ve decided that it’s time to go beyond creating ROAs and you want to deploy RPKI on your network. In this course you will learn more about the differences between hosted RPKI and delegated RPKI and their use cases.

We will discuss different scenarios in which delegated RPKI could be useful, for example, large enterprises, NRENs and organisations that have gone through mergers and acquisitions. With delegated RPKI, you can run your own RPKI Certification Authority, manage your ROAs and publish them in your own repository. It also allows you to further delegate Certification Authorities.

Outline

This course will cover the following topics:

  • An overview of the differences between Hosted and Delegated RPKI;
  • Why Delegated RPKI might be a good option for your organisation;
  • An overview of the features available with Delegated RPKI;
  • Publishing ROAs with APNIC or publishing yourself;
  • System, uptime and failover requirements.

Course Materials

Demystifying AS0

Overview

Global BGP routing defines Autonomous System (AS) Number 0 as “special” to mark prefixes as unroutable. Resource certification (RPKI) has taken this concept further, using AS0 to signal prefixes which should not be routed unless another ROA with a different AS exists for the prefix in question. This means that AS0 can be used to do two things:

  1. Exclude as-yet undeployed resources from global BGP, by creating an AS0 ROA signed by APNIC for the prefixes still held in reserve
  2. Confirm that specific resources are only to be used if an RPKI ROA exists, signed by the delegate.

In 2019, APNIC was requested to work on a system to deploy AS0 for all unassigned and unallocated resources under APNIC management as a policy proposal. Across 2019 and 2020 we deployed a standalone system to do this.

The course explores how AS0 works, how we deployed it, and how BGP speakers can interact with the APNIC AS0 ROA, and with their own use of AS0 for delegated resources.

Outline

This course covers the following topics:

  • What is AS0?
  • What is RPKI, and the “TAL” and ROAs? What is SLURM?
  • What is an AS0 ROA and how is it made?
  • What is the APNIC AS0 RPKI system, and the AS0 “TAL”?
  • How does the APNIC AS0 ROA relate to resources overall?
  • How does it differ from an individual INR holder’s AS0 ROA?
  • How do I use a ROA? How do I use the AS0 ROA from APNIC?
  • What about the other RIRs, or NIRs?
  • What does the future hold for RPKI and AS0?

Course Materials

George Michaelson

George is the Product Manager at APNIC for Information Products (REX, DASH and NetOX). He is a computer scientist originally from the UK, with 40 years’ experience in networking and IT management. He participates in IETF standardization, and attends RIR and NOG meetings.

RPKI Deployment

Overview

The webinar will focus on the different steps involved in deploying/implementing RPKI (from an operator’s point of view): how to sign resources (ROA creation) through the MyAPNIC Portal, how to verify/check the ROAs, how to deploy RPKI validators, how to configure an RTR session between BGP-speaking routers and the validator, how to interpret the validation states of received routes, and how to act on the validation states on the routers (drop or apply policies).

Outline

This webinar will cover the following topics:

  • What is RPKI
  • Benefits of RPKI
  • RPKI Building Blocks
  • RPKI Profile
  • Trust Anchor (TA)
  • Issuing Party
  • Single Trust Anchor
  • Routing Origin Authorization (ROA)
  • Relying Party (RPKI Validator)
  • Origin Validation
  • Validation States
  • Policies Based on Validation
  • RPKI Caveats
  • Create (Publish) Your ROA
  • Check Your ROA
  • Deploy RPKI Validator
  • RIPE – Validator
  • Dragon Research – Validator
  • Routinator – Validator
  • Configuration (IOS)
  • Configuration (JunOS)

RPKI Deployment

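Overview

Published: 10 April 2019

This course focuses on the different steps involved in deploying/implementing RPKI (from an operator’s point of view): how to sign resources (ROA creation) through the MyAPNIC portal, how to verify/check the ROAs, how to deploy RPKI validators, how to configure an RTR session between BGP-speaking routers and the validator, how to interpret the validation states of received routes, and how to act on the validation states on the routers (drop or apply policies).

Course outline

This webinar will cover the following topics:

  • What is RPKI
  • Benefits of RPKI
  • RPKI Building Blocks
  • RPKI Profile
  • Trust Anchor (TA)
  • Issuing Party
  • Single Trust Anchor
  • Routing Origin Authorization (ROA)
  • Relying Party (RPKI Validator)
  • Origin Validation
  • Validation States
  • Policies Based on Validation
  • RPKI Caveats
  • Create (Publish) Your ROA
  • Check Your ROA
  • Deploy RPKI Validator
  • RIPE Validator
  • Dragon Research – Validator
  • Routinator – Validator
  • Configuration (IOS)
  • Configuration (JunOS)

Course Materials

Quiz and Certificate

Click the link below to go to the quiz.

Go to the course quiz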