RPKI Week 2022
To highlight the importance of Resource Public Key Infrastructure (RPKI) and encourage network operators to take concrete steps to improve routing security, we will host RPKI Week 2022 from 4-7 July 2022.
RPKI helps prevent Internet routing incidents like prefix hijacking and route leaks. It allows an entity to cryptographically verify that an autonomous system (AS) is authorized to originate a prefix, thus reducing incidents that can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more.
We will bring together partners from across the Internet routing ecosystem to launch tools, provide educational materials, and facilitate discussion and build awareness about routing security.
The event will take place via Zoom and be live-streamed and recorded for later viewing.
Day 1: Monday, 4 July
RPKI and IRR Explorer Tutorial #1
13:00-15:00 UTC
This tutorial will help you understand RPKI from the ground up. We will define issues around routing security and explore how some of those issues can be solved or mitigated by using RPKI. The tutorial requires knowledge about BGP, and will help you understand how you could implement RPKI in your network, from creating ROAs, to understanding how to run validators, and ultimately how to configure Route Origin Validation (ROV). There will be demos for all these actions.
Presenters: Max Stucchi and Teun Vink
Day 2: Tuesday, 5 July
Routing Resiliency Research Roundup
12:00-13:30 UTC
The correct data set helps us make the right decisions to improve the security and resiliency of the global routing table. In this session, we will explore new tools the MANRS research team is building and some other tools our partners are developing.
Introduction | Presentation
New Tool: Shutdown and Hijack Measurement and Identification Tool (SHMIT) | Presentation
This new tool offers better insight into when and how anomalies in BGP happen. Written in python, it leverages publicly available data such as route objects, RPKI, and the RIS Live streaming API. We’ll explore the architecture, the functionality, and the goals of the tool.
Presenter: Max Stucchi
New Tool: Route Collector | Presentation
This new tool leverages open source software to perform validation of Action 1 of the MANRS for Network Operators Program. MANRS participants will be able to set up BGP sessions toward one or more collectors and have insight into whether or not their filters are working properly. This data will be then reported in the MANRS Observatory and will be available through the reports.
Presenter: Max Stucchi
ROA Historical eXplorer
This tool retrieves historical ROAs from the RIPE RPKI archive based on a prefix and/or AS number provided by the user.
PyBGPKIT API | Presentation
This tool provides an API that leverages the BGPKIT parser to process MRT dump files from route collector projects (Route Views or RIPE RIS).
Presenter: Mingwei Zhang
A One-Year Review of RPKI Operations | Presentation
This presentation is about the lessons learnt from a 1-year review of RPKI operations and monitoring by NTT using BGPAlerter.
Presenter: Massimo Candela
Session Moderator: Amreesh Phokeer
Day 3: Wednesday, 6 July
RPKI and IRR Explorer Tutorial #2
06:00-08:00 UTC
This tutorial will help you understand RPKI from the ground up. We will define issues around routing security and explore how some of those issues can be solved or mitigated by using RPKI. The tutorial requires knowledge about BGP, and will help you understand how you could implement RPKI in your network, from creating ROAs, to understanding how to run validators, and ultimately how to configure Route Origin Validation (ROV). There will be demos for all these actions.
Presenters: Max Stucchi and Teun Vink
Roadblocks to RPKI Deployment
12:00-13:30 UTC
RPKI allows holders of Internet number resources to make cryptographically verifiable statements about how they intend to use their resources. In this panel we are not going to discuss RPKI as a technology itself, but the administrative impact and concerns around it and what measures are required to improve the usability and increase the deployment. We’ll hear from the Regional Internet Registries (RIRs) running RPKI behind the scenes and responsible for making it look so simple.
Quiz & Prizes
Moderator: Andrew Gallo (GWU)
Panelists: David Njuki (AFRINIC)
Karla Skarda (APNIC)
Brad Gorman (ARIN)
Carlos Martinez (LACNIC)
Nathalie Trenaman (RIPE NCC) | Presentation
Day 4: Thursday, 7 July
Future Developments in Routing Security
12:00-14:00 UTC
Every year, we investigate incidents that emphasize the vulnerability of the whole Internet routing ecosystem and how most of these incidents could be avoided. Fortunately, there are reasons to believe these issues will be solved by following best operational practices and improving the protocols on which the global routing relies heavily. In this session, we will explore current developments in this space that will help make the global routing ecosystem more resilient and secure.
SAVNET: Towards More Accurate Source Address Validation in the Internet
Presenter: Dan Li, Professor, Tsinghua University | Presentation
Source address spoofing is one of the major security threats in the Internet. Attackers can easily carry out reflection attacks, and hide themselves behind the forged source address. The current practice of source address validation (SAV) mechanism in the Internet, namely, uRPF based technology, lacks validation accuracy in routing asymmetry scenarios. We propose SAVNET, a scalable approach to accurately generating SAV tables in the Internet. The basic idea of SAVNET is to accurately discover the real data forwarding path by exchanging necessary information among routers and ASes. SAVNET can be realized by extending existing intra-domain and inter-domain routing protocols.
Quiz & Prizes
Moderator: Melchior Aelmans (Juniper)