Internet Routing Registry & RPKI Tutorial Nurul Islam Roman, APNIC


1 Internet Routing Registry & RPKI Tutorial Nurul Islam Roman, APNIC

2 Objectives
- To provide an introduction to the APNIC Routing Registry
- Explain concepts of the global RR
- Outline the benefits of the APNIC Routing Registry
- Discuss Routing Policy Specification Language (RPSL)
- New Initiative RPKI

3 Overview
- What is IRR?
- Whois DB Recap
- APNIC database and the IRR
- Using the Routing Registry
- Using RPSL in practice
- Benefit of using IRR

4 What is IRR?

5 Prefix Advertise to Internet
Ingress prefix from downstream:
- Option 1: Customer single home and non portable prefix
  - Customer is not APNIC member; prefix received from upstream ISP
- Option 2: Customer single home and portable prefix
  - Customer is APNIC member; receive allocation as service provider but no AS number yet
- Option 3: Customer multihome and non portable prefix
  - Customer is not APNIC member; both prefix and ASN received from upstream ISP
- Option 4: Customer multihome and portable prefix
  - Customer is APNIC member; both prefix and ASN received from APNIC

6 Prefix Filtering BCP [Single home]
Option 1: Customer single home and non portable prefix
- Internet
- ISP (upstream): Prefix 3fff:ffff::/32, AS17821
  - Static 3fff:ffff:dcdc::/48 to customer WAN interface
  - No LoA check of customer prefix
- Customer (downstream): Prefix 3fff:ffff:dcdc::/48
  - No BGP
  - Static default to ISP WAN interface

7 Prefix Filtering BCP [Single home]
Option 2: Customer single home and portable prefix
- Internet
- ISP (upstream): Prefix 3fff:ffff::/32, AS17821
  - Static 2001:0DB8::/32 to customer WAN interface
  - BGP network 2001:0DB8::/32 AS17821 i
  - Check LoA of customer prefix
- Customer (downstream): Prefix 2001:0DB8::/32
  - No BGP
  - Static default to ISP WAN interface
  - Static 2001:0DB8::/32 null0
The static 2001:0DB8::/32 null0 route is required because the customer has a default route to the upstream. If a destination within 2001:0DB8::/32 has no match on the customer router, the packet is forwarded to the upstream. The upstream has a static route for 2001:0DB8::/32 towards the downstream, so the packet bounces back to the customer router and creates a loop.
LoA: Legitimacy of Address

8 Prefix Filtering [Multihome]
Option 3: Customer multihome and non portable prefix
- Internet
- ISP Prefix 3fff:ffff::/32
- ISP AS131107 (upstream can change)
  - Check LoA of customer prefix
    - Manual process: to tech-c
    - Automated process: route object or RPKI
  - Nearly same filter requirement as other ISP
- ISP AS17821 (upstream can not change)
  - eBGP peering with customer WAN interface
  - No LoA check of customer prefix
  - Aggregate address is advisable if customer further subnets this 2406:6400:8000::/48 prefix and uses it in their iBGP
- Customer AS64500, Prefix 3fff:ffff:dcdc::/48
  - eBGP peering with both ISP WAN interfaces
  - BGP network 3fff:ffff:dcdc::/48 AS64500 i, or aggregate address from gateway router

9 Prefix Filtering [Multihome]
Option 4: Customer multihome and portable prefix
- Internet
- ISP Prefix 3fff:ffff::/32
- ISP AS131107 (upstream can change)
  - Check LoA of customer prefix
    - Manual process: to tech-c
    - Automated process: route object or RPKI
  - Nearly same filter requirement as other ISP
- ISP AS17821 (upstream can change)
  - Check LoA of customer prefix
    - Manual process: to tech-c
    - Automated process: route object or RPKI
- Customer AS64500, Prefix 2001:0DB8::/32
  - eBGP peering with both ISP WAN interfaces
  - BGP network 2001:0DB8::/32 AS64500 i, or aggregate address from gateway router

10 What is a Routing Registry?
- A repository (database) of Internet routing policy information
- Autonomous Systems exchange routing information via BGP
- Exterior routing decisions are based on policy-based rules
- However, BGP does not provide a mechanism to publish/communicate the policies themselves
- RR provides this functionality
- Routing policy information is expressed in a series of objects
- Stability and consistency of routing
- Network operators share information

11 What is a Routing Registry?
ARIN, ArcStar, FGC, Verio, Bconnex, Optus, Telstra, ... RIPE CW RADB Need to add more IRR in this slide Connect APNIC IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN + …

12 What is Routing Policy?
- Description of the routing relationship between autonomous systems
- Who are my BGP peers?
  - Customer, peers, upstream
- What routes are:
  - Originated by each neighbour?
  - Imported from each neighbour?
  - Exported to each neighbour?
  - Preferred when multiple routes exist?
- What to do if no route exists?
- What routes to aggregate?

13 Representation of Routing Policy
Diagram labels: AS1, AS2, NET1, NET2
In order for traffic to flow from NET2 to NET1 between AS1 and AS2:
- AS1 has to announce NET1 to AS2 via BGP
- And AS2 has to accept this information and use it
- Resulting in packet flow from NET2 to NET1

14 Representation of Routing Policy
Diagram labels: AS1, AS2, NET1, NET2
In order for traffic to flow from NET1 to NET2:
- AS2 must announce NET2 to AS1
- And AS1 has to accept this information and use it
- Resulting in packet flow from NET1 to NET2

15 RPSL
- Routing Policy Specification Language
- Object oriented language
  - Based on RIPE-181
  - Structured whois objects
- Higher level of abstraction than access lists
- Describes things interesting to routing policy:
  - Routes, AS Numbers …
  - Relationships between BGP peers
  - Management responsibility
- RFC 2622, RFC 2725, RFC 2650
- Need to check those RFC for any update.

16 Routing Policy - Examples
Basic concept (diagram labels: AS 1, AS 2)
“action pref” - the lower the value, the more preferred the route

    aut-num: AS1
    import:  from AS2 action pref=100; accept AS2
    export:  to AS2 announce AS1

    aut-num: AS2
    import:  from AS1 action pref=100; accept AS1
    export:  to AS1 announce AS2

17 Routing Policy - Examples
Diagram labels: AS4, AS5, AS123, AS10
More complex example:
- AS4 gives transit to AS5, AS10
- AS4 gives local routes to AS123

18 Routing Policy - Examples
Diagram labels: AS4, AS5, AS123, AS10, “Not a path”

    aut-num: AS4
    import:  from AS123 action pref=100; accept AS123
    import:  from AS5 action pref=100; accept AS5
    import:  from AS10 action pref=100; accept AS10
    export:  to AS123 announce AS4
    export:  to AS5 announce AS4 AS10
    export:  to AS10 announce AS4 AS5

19 Routing Policy - Examples
Diagram labels: AS123, AS4, AS6, link1 (private), link2 (transit traffic over link2), link3
More complex example:
- AS4 and AS6 private link1
- AS4 and AS123 main transit link2
- Backup all traffic over link1 and link3 in event of link2 failure

20 Routing Policy - Examples
Diagram labels: AS123, AS4, AS6, link1 (private), link2 (transit traffic over link2), link3
AS representation:

    aut-num: AS4
    import:  from AS123 action pref=100; accept ANY   # full routing received
    import:  from AS6 action pref=50; accept AS6
    import:  from AS6 action pref=200; accept ANY     # higher cost for backup route
    export:  to AS6 announce AS4
    export:  to AS123 announce AS4

21 Whois Database Recap

22 APNIC Database
- Public network management database
- APNIC whois database contains:
  - Internet resource information and contact details
- APNIC Routing Registry (RR) contains:
  - Routing information
- APNIC RR is part of IRR
  - Distributed databases that mirror each other

23 Database Object
- An object is a set of attributes and values
- Each attribute of an object...
  - Has a value
  - Has a specific syntax
  - Is mandatory or optional
  - Is single- or multi-valued
- Some attributes ...
  - Are primary (unique) keys
  - Are lookup keys for queries
  - Are inverse keys for queries
- Object “templates” illustrate this structure

24 Person Object Example
Person objects contain contact information

    Attributes   Values
    person:      Test Person
    address:     ExampleNet Service Provider 2 Pandora St Boxville Wallis and Futuna Islands
    country:     TC
    phone:
    fax-no:
    nic-hdl:     TP17-AP
    mnt-by:      MAINT-ENET-TC
    changed:
    source:      APNIC

25 Database Queries
Flags used for inetnum queries:

    None   find exact match
    -l     find one level less specific matches
    -L     find all less specific matches
    -m     find first level more specific matches
    -M     find all more specific matches
    -x     find exact match (if no match, nothing)
    -d     enables use of flags for reverse domains
    -r     turn off recursive lookups

26 Database Protection
Authorisation
- “mnt-by” references a mntner object
  - Can be found in all database objects
  - “mnt-by” should be used with every object!
Authentication
- Updates to an object must pass authentication rule specified by its maintainer object

27 Prerequisite for Updating Objects
- Create person objects for contacts
  - To provide contact info in other objects
- Create a mntner object
  - To provide protection of objects
- Protect your person object

28 APNIC Database and the IRR

29 APNIC Database & the IRR
- APNIC whois Database
  - Two databases in one
- Public Network Management Database
  - “whois” info about networks & contact persons
  - IP addresses, AS numbers etc
- Routing Registry
  - Contains routing information: routing policy, routes, filters, peers etc.
  - APNIC RR is part of the global IRR
- Database: Customer assignment/sub-allocation, APNIC delegation, Routing policy
- Server SW: ftp://ftp.ripe.net/ripe/dbase/software/
- Client SW: ftp://ftp.ripe.net/tools/ripe-whois-latest.tar.gz
The RIPE whois client uses many RIPE-specific flags, and the server can recognise them even if you are using some other *nix client. Usually you need to include all the options between the inverted commas. List of all the RRs in IRR: At the beginning, everyone has to decide which RR to use. It is also possible to run your own RR. For more information, see “Practical usage” slides.

30 Integration of Whois and IRR
Integrated APNIC Whois Database & Internet Routing Registry
- APNIC Whois: IP, ASNs, reverse domains, contacts, maintainers etc
  - Objects: inetnum, aut-num, domain, person, role, maintainer
- IRR: routes, routing policy, filters, peers etc
  - Objects: route, aut-num, as-set, inet-rtr, peering-set etc.
- Internet resources & routing information

31 Inter-related IRR Objects
aut-num: AS1 … tech-c: KX17-AP mnt-by: MAINT-EX … route: origin: … mnt-by: MAINT-EX /24 inetnum: tech-c: KX17-AP mnt-by: MAINT-EX AS1 person: … nic-hdl: KX17-AP mntner: MAINT-EX

32 Inter-related IRR Objects
as-set: AS1:AS-customers members: AS10, AS11 route-set: AS2:RS-routes members: /20, /20 , AS2 route: 218.2/20 … origin: AS2 … route: /20 … origin: AS2 … aut-num: AS10 inetnum: inetnum: aut-num: AS11 aut-num: AS2 aut-num: AS2

33 Hierarchical Authorisation
- mnt-routes
  - Authenticates creation of route objects
  - Creation of route objects must pass authentication of mntner referenced in the mnt-routes attribute
- Format: mnt-routes: <mntner>
- In: route, aut-num, inetnum
Will wait for update on

34 Authorisation Mechanism

    inetnum:    –
    netname:    SPARKYNET-TC
    descr:      SparkyNet Service Provider
    mnt-by:     APNIC-HM
    mnt-lower:  MAINT-SPARKYNET1-TC
    mnt-routes: MAINT-SPARKYNET2-TC

- mnt-by: This object can only be modified by APNIC
- mnt-lower: Creation of more specific objects within this range has to pass the authentication of MAINT-SPARKYNET1-TC
- mnt-routes: Creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET2-TC

35 Creating Route Objects
Multiple authentication checks:
- Originating ASN
  - mntner in the mnt-routes is checked
  - If no mnt-routes, mnt-lower is checked
  - If no mnt-lower, mnt-by is checked
- AND the address space
  - Exact match & less specific route
  - mnt-routes etc
- AND the route object mntner itself
  - The mntner in the mnt-by attribute
Diagram labels: aut-num, inetnum, route, route

36 Creating Route Objects

    route:       /20
    origin:      AS1

    inetnum:     –                        (IP address range)
    mnt-routes:  MAINT-WF-EXNET

    aut-num:     AS1                      (AS number)
    mnt-routes:  MAINT-WF-EXNET

    mntner:      MAINT-WF-EXNET           (maintainer)
    auth:        CRYPT-PW klsdfji9234

1. Create route object and submit to APNIC RR database
2. DB checks aut-num obj corresponding to the ASN in route obj
3. Route obj creation must pass auth of mntner specified in aut-num mnt-routes attribute.
4. DB checks inetnum obj matching/encompassing IP range in route obj
5. Route obj creation must pass auth of mntner specified in inetnum mnt-routes attribute.
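
A simplified model of the checks listed on the two slides above, added here as an example and not APNIC's database code. It covers the aut-num and inetnum maintainer lookups and the route's own mnt-by, not the lookup of existing exact-match or less-specific route objects; the object dictionaries, the address range, AS64500 and the `authenticated` set of maintainers are constructed for illustration.

```python
import ipaddress

# Fallback order given on the slide: mnt-routes, else mnt-lower, else mnt-by.
FALLBACK = ("mnt-routes", "mnt-lower", "mnt-by")


def governing_mntners(obj):
    """Return the maintainers that gate route creation for this object."""
    for attr in FALLBACK:
        if obj.get(attr):
            return set(obj[attr])
    return set()


def covering_inetnum(prefix, inetnums):
    """Pick the smallest inetnum range that fully contains the route prefix."""
    net = ipaddress.ip_network(prefix)
    best = None
    for inum in inetnums:
        first = ipaddress.ip_address(inum["first"])
        last = ipaddress.ip_address(inum["last"])
        if first.version != net.version:
            continue
        if first <= net.network_address and net.broadcast_address <= last:
            size = int(last) - int(first)
            if best is None or size < best[0]:
                best = (size, inum)
    return best[1] if best else None


def failed_checks(route, aut_nums, inetnums, authenticated):
    """List the checks a route submission fails; an empty list means accepted.

    `authenticated` is the set of mntner names whose auth the submission passed
    (an assumption of this sketch; the real database verifies credentials).
    """
    failed = []
    aut_num = aut_nums.get(route["origin"])
    if aut_num is None or not governing_mntners(aut_num) & authenticated:
        failed.append("origin-as")
    inetnum = covering_inetnum(route["route"], inetnums)
    if inetnum is None or not governing_mntners(inetnum) & authenticated:
        failed.append("address-space")
    if not set(route["mnt-by"]) & authenticated:
        failed.append("route-mnt-by")
    return failed


# Constructed objects: maintainer names follow the slides, the range is documentation space.
AUT_NUMS = {"AS64500": {"mnt-by": ["MAINT-WF-EXNET"]}}  # no mnt-routes: falls back to mnt-by
INETNUMS = [{
    "first": "192.0.2.0", "last": "192.0.2.255",
    "mnt-by": ["APNIC-HM"],
    "mnt-lower": ["MAINT-SPARKYNET1-TC"],
    "mnt-routes": ["MAINT-SPARKYNET2-TC"],
}]
ROUTE = {"route": "192.0.2.0/24", "origin": "AS64500", "mnt-by": ["MAINT-WF-EXNET"]}

if __name__ == "__main__":
    for creds in ({"MAINT-WF-EXNET", "MAINT-SPARKYNET2-TC"},
                  {"MAINT-WF-EXNET", "MAINT-SPARKYNET1-TC"},
                  {"MAINT-SPARKYNET2-TC"}):
        result = failed_checks(ROUTE, AUT_NUMS, INETNUMS, creds)
        print(sorted(creds), "->", result or "accepted")
```

Because the inetnum carries mnt-routes, holding only the mnt-lower maintainer is not enough to register a route for the range.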

37 Using RPSL in practice

38 Overview
Review examples of routing policy expressions:
- Peering policies
- Filtering policies
- Backup connection
- Multihoming policies

39 RPSL - review
Purpose of RPSL:
- Allows specification of your routing configuration in the public IRR
  - Allows you to check “Consistency” of policies and announcements
- Gives opportunities to consider the policies and configuration of others

40 Address Prefix Range Operator
Operator and meaning:
- ^- : Exclusive more specifics of the address prefix. E.g. /16^- contains all more specifics of /16 excluding /16
- ^+ : Inclusive more specifics of the address prefix. E.g. /8^+ contains all more specifics of /8 including /8

41 Address Prefix Operator (cont.)
Operator and meaning:
- ^n : n = integer; stands for all the length “n” specifics of the address prefix. E.g. /8^16 contains all the more specifics of /8 which are of length 16, such as /16
- ^n-m : m = integer; stands for all the length “n” to length “m” specifics of the address prefix. E.g. /8^24-32 contains all the more specifics of /8 which are of length 24 to 32, such as /28
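
The four range operators above, as an added Python example (not from the original slides): it parses an RPSL prefix-range expression and tests which candidate prefixes fall inside it, which is the check a filter generated from the IRR ends up applying. The prefixes are constructed documentation ranges, and `length_bounds`, `in_range` and `admitted` are hypothetical helper names.

```python
import ipaddress
import re

# prefix, optionally followed by ^-, ^+, ^n or ^n-m
RANGE_RE = re.compile(r"^(?P<prefix>[^^]+)(?:\^(?P<op>-|\+|\d+(?:-\d+)?))?$")


def length_bounds(expr):
    """Return (base network, shortest length, longest length) for an expression."""
    m = RANGE_RE.match(expr.strip())
    if not m:
        raise ValueError(f"not a prefix range: {expr!r}")
    base = ipaddress.ip_network(m["prefix"])
    op = m["op"]
    if op is None:                      # plain prefix: exact match only
        return base, base.prefixlen, base.prefixlen
    if op == "-":                       # exclusive more specifics
        return base, base.prefixlen + 1, base.max_prefixlen
    if op == "+":                       # inclusive more specifics
        return base, base.prefixlen, base.max_prefixlen
    lo_text, _, hi_text = op.partition("-")
    lo = int(lo_text)
    hi = int(hi_text) if hi_text else lo
    # Sanity check used in this sketch: lengths must be orderly and not
    # shorter than the base prefix itself.
    if not base.prefixlen <= lo <= hi <= base.max_prefixlen:
        raise ValueError(f"bad length range in {expr!r}")
    return base, lo, hi


def in_range(expr, candidate):
    """True if candidate is covered by the base prefix and its length is allowed."""
    base, lo, hi = length_bounds(expr)
    cand = ipaddress.ip_network(candidate)
    if cand.version != base.version:
        return False
    return cand.subnet_of(base) and lo <= cand.prefixlen <= hi


def admitted(expr, candidates):
    """Filter a list of announced prefixes through one range expression."""
    return [c for c in candidates if in_range(expr, c)]


# Constructed announcements (documentation address space).
CANDIDATES = [
    "192.0.2.0/24",
    "192.0.2.128/25",
    "192.0.2.64/26",
    "192.0.2.16/28",
    "198.51.100.0/24",
]

if __name__ == "__main__":
    for expr in ("192.0.2.0/24", "192.0.2.0/24^-", "192.0.2.0/24^+",
                 "192.0.2.0/24^26", "192.0.2.0/24^25-26"):
        print(f"{expr:22} admits {admitted(expr, CANDIDATES)}")
```

The `^+` form admits every more specific down to a host route, so a filter built from it is much wider than one built from the plain prefix or a bounded `^n-m` range.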

42 AS-path regular expressions
A context-independent syntax that can represent a wide variety of character sets and character set orderings These character sets are interpreted according to the current The Open Group Base Specifications (IEEE) Can be used as a policy filter by enclosing the expression in “<“ and “>”.

43 Filter List- Regular Expression
Like Unix regular expressions:

    .      Match one character
    *      Match any number of preceding expression
    +      Match at least one of preceding expression
    ^      Beginning of line
    $      End of line
    \      Escape a regular expression character
    _      Beginning, end, white-space, brace
    |      Or
    ()     Brackets to contain expression
    [ ]    Brackets to contain number ranges

Source:

44 AS-path Regular Expression

    Operator            Meaning
    <AS3>               Routes whose AS-path contains AS3
    <^AS1>              Routes whose AS-path starts with AS1
    <AS2$>              Routes whose AS-path ends with AS2
    <^AS1 AS2 AS3$>     Routes whose AS-path is exactly “1 2 3”
    <^AS1 .* AS2$>      AS-path starts with AS1 and ends in AS2, with any number of ASNs in between
    <^AS3+$>            AS-path starts with AS3 and ends in AS3: AS3 is the first member of the path, AS3 occurs one or more times, and no other AS can be present in the path after AS3

45 AS-path Regular Expression (cont.)

    Operator      Meaning
    <AS3|AS4>     Routes whose AS-path contains AS3 or AS4
    <AS3 AS4>     Routes whose AS-path contains AS3 followed by AS4

RFC2622 P20

46 Common Peering Policies
ISP (Transit provider) Customer Internet AS 1 AS 2 AS 3 AS 4 AS 5 Peering policies of an AS Registered in an aut-num object

47 Common Peering Policies
Policy for AS3 in the AS2 aut-num object:

    aut-num: AS2
    as-name: SAMPLE-NET
    descr:   Sample AS
    import:  from AS1 accept ANY
    import:  from AS3 accept <^AS3+$>
    export:  to AS3 announce AS2
    export:  to AS1 announce AS2 AS3
    admin-c: TP1-AP
    tech-c:  TP2-AP
    mnt-by:  MAINT-SAMPLE-AP
    changed:

48 Transit Provider Policies
ISP (Transit provider) Customer Internet AS 1 AS 2 AS 3 AS 4 AS 5 Peering policies of an AS Registered in an aut-num object

49 ISP Customer – Transit Provider Policies
Policy for AS3 and AS4 in the AS2 aut-num object:

    aut-num: AS2
    import:  from AS1 accept ANY
    import:  from AS3 accept <^AS3+$>
    import:  from AS4 accept <^AS4+$>
    export:  to AS3 announce ANY
    export:  to AS4 announce ANY
    export:  to AS1 announce AS2 AS3 AS4

50 AS-set Object
Describe the customers of AS2:

    as-set:  AS2:AS-CUSTOMERS
    members: AS3 AS4
    changed:
    source:  APNIC

51 Aut-num Object referring as-set Object

    aut-num: AS2
    import:  from AS1 accept ANY
    import:  from AS2:AS-CUSTOMERS accept <^AS2:AS-CUSTOMERS+$>
    export:  to AS2:AS-CUSTOMERS announce ANY
    export:  to AS1 announce AS2 AS2:AS-CUSTOMERS

    aut-num: AS1
    import:  from AS2 accept <^AS2+ AS2:AS-CUSTOMERS+$>
    export:  ………

52 IRRToolSet
- Set of tools developed for using the Internet Routing Registry (IRR)
- Work with Internet routing policies
  - These policies are stored in IRR in the Routing Policy Specification Language (RPSL)
- The goal of the IRRToolSet is to make routing information more convenient and useful for network engineers
  - Tools for automated router configuration
  - Routing policy analysis
  - On-going maintenance etc.

53 IRRToolSet
- Download: ftp://ftp.isc.org/isc/IRRToolSet/
- Installation needs: lex, yacc and C++ compiler

    # wget ftp://ftp.isc.org/isc/IRRToolSet/IRRToolSet-5.0.1/irrtoolset-5.0.1.tar.gz
    # tar -zxvf irrtoolset-5.0.1.tar.gz
    # cd irrtoolset-5.0.1
    # ./configure
    # make
    # make install

54 IRRToolSet

    root@bofh:~ whois -h whois.apnic.net AS17821
    #####snipped######
    mp-import: afi any.unicast {
                   from AS-ANY accept ANY AND NOT RS-MARTIANS;
               } refine {
                   from AS-ANY action pref = 50; accept community.contains(17821:50);
                   from AS-ANY action pref = 30; accept community.contains(17821:70);
                   from AS-ANY action pref = 10; accept community.contains(17821:90);
                   from AS-ANY action pref = 0; accept ANY;
               } refine afi ipv4.unicast {

55 IRR Toolset, RPSL: rtconfig(Contd)
Cisco Specific

    @rtconfig set cisco_map_name = <map-name>
    @rtconfig set cisco_map_first_no = <no>
    @rtconfig set cisco_map_increment_by = <no>
    @rtconfig set cisco_prefix_acl_no = <no>
    @rtconfig set cisco_aspath_acl_no = <no>
    @rtconfig set cisco_pktfilter_acl_no = <no>
    @rtconfig set cisco_community_acl_no = <no>
    @rtconfig set cisco_access_list_no = <no>
    @rtconfig set cisco_max_preference = <no>
    @rtconfig networks <ASN-1>
    @rtconfig inbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>

56 IRR Toolset, RPSL: rtconfig(Contd)
Junos Specific

    @rtconfig set junos_policy_name = <policy-name>
    @rtconfig networks <ASN-1>

57 IRR Toolset, RPSL: rtconfig Input File(Provision)

    router bgp 17821
    neighbor remote-as
    neighbor version 4
    !
    # X Communication Ltd
    @RtConfig set cisco_access_list_no = 500
    @RtConfig set cisco_map_name = "AS58715-IN"
    @RtConfig import AS AS
    @RtConfig set cisco_access_list_no = 599
    @RtConfig set cisco_map_name = "ANY"
    @RtConfig export AS AS
    # xyz Ltd
    @RtConfig set cisco_access_list_no = 501
    @RtConfig set cisco_map_name = "AS58656-IN"
    @RtConfig import AS AS
    @RtConfig export AS AS
    end

58 Use of RPSL - RtConfig
RtConfig
- Part of IRRToolSet
- Reads policy from IRR (aut-num, route & -set objects) and generates router configuration
  - Vendor specific: Cisco, Bay's BCC, Juniper's Junos and Gated/RSd
  - Creates route-map and AS path filters
  - Can also create ingress / egress filters

59 IRR Toolset, RPSL: Uploading Configuration
Various ways to upload configuration:
- SNMP Write
- NETCONF XML Based
- Automated Script using expect

60 Why use IRR and RtConfig?
Benefits of RtConfig:
- Avoid filter errors (typos)
- Expertise encoded in the tools that generate the policy rather than engineer configuring peering session
- Filters consistent with documented policy (need to get policy correct though)

61 New Initiative RPKI

62 What is RPKI?
- Resource Public Key Infrastructure (RPKI)
- A robust security framework for verifying the association between resource holder and their Internet resources
- Created to address the issues in RFC 4593 “Generic Threats to Routing Protocols”
- Helps to secure Internet routing by validating routes
  - Proof that prefix announcements are coming from the legitimate holder of the resource

63 Benefits of RPKI - Routing
- Similar objective as IRR but in a robust and scalable way
- Prevents route hijacking
  - A prefix originated by an AS without authorization
  - Reason: malicious intent
- Prevents mis-origination
  - A prefix that is mistakenly originated by an AS which does not own it
  - Also route leakage
  - Reason: configuration mistake / fat finger

64 Public Key Concept Private key: This key must be known only by its owner. Public key: This key is known to everyone (it is public) Relation between both keys: What one key encrypts, the other one decrypts, and vice versa. That means that if you encrypt something with my public key (which you would know, because it's public :-), I would need my private key to decrypt the message. Same as http with SSL aka https

65 X.509 Certificates 3779 EXT

66 Trust Anchor

67 Trust Anchor Locator (TALs)
In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived. In X.509 architecture, a root certificate would be the trust anchor from which the whole chain of trust is derived. The trust anchor must be in possession of the trusting party beforehand to make any further certificate path validation possible. RPKI uses Internet Assigned Numbers Authority (IANA) as the trust anchor, and Regional Internet Registries (RIR) as immediately subordinate nodes to that anchor (Single Trust Anchor). Split Trust Anchor.

68 PKI in IRR
- The RIRs hold a self-signed root certificate for all the resources that they have in the registry
  - They are the trust anchor for the system
- That root certificate is used to sign a certificate that lists your resources
- You can issue child certificates for those resources to your customers
  - When making assignments or sub allocations

69 Route Origination Attestations (ROA)
Next to the prefix and the ASN which is allowed to announce it, the ROA contains:
- A minimum prefix length
- A maximum prefix length
- An expiry date
- Origin ASN
Multiple ROAs can exist for the same prefix
ROAs can overlap

70 Origin Validation
- Router gets ROA information from the RPKI Cache
  - RPKI verification is done by the RPKI Cache
- The BGP process will check each announcement with the ROA information and label the prefix

71 Valid > Unknown > Invalid
Result of Check:
- Valid – Indicates that the prefix and AS pair are found in the database.
- Invalid – Indicates that the prefix is found, but either the corresponding AS received from the EBGP peer is not the AS that appears in the database, or the prefix length in the BGP update message is longer than the maximum length permitted in the database.
- Not Found / Unknown – Indicates that the prefix is not among the prefixes or prefix ranges in the database.

72 ROA Example

73 Local Policy
You can define your policy based on the outcomes:
- Do nothing
- Just logging
- Label BGP communities
- Modify preference values
- Rejecting the announcement

74 RPKI Support in Routers
- The RPKI-RTR Protocol is an IETF Internet Draft
- Production Cisco Support:
  - ASR1000, 7600, ASR903 and ASR901 in releases 15.2(1)S or XE 3.5
- Cisco Early Field Trial (EFT):
  - ASR9000, CRS1, CRS3 and c12K (IOS-XR 4.3.2)
- Juniper has support since version 12.2
- Quagga has support through BGP-SRX

75 RPKI Caveats
- When the RTR session goes down, the RPKI status will be “not found” for all the BGP routes after a while
  - Invalid => not found
  - We need several RTR sessions, or to take care with the filtering policy
- In case of a router reload, which one is faster: receiving ROAs or receiving BGP routes?
  - If receiving BGP routes is much faster than receiving ROAs, the router propagates the invalid route to others
- We need to put our Cache validator within our IGP scope
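
The validation states from slide 71 and the first caveat above, as an added Python example (not router or validator code from the tutorial). The ROA entries, the ASNs and the drop-invalid policy in `accept` are constructed assumptions.

```python
import ipaddress
from typing import Iterable, NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class VRP(NamedTuple):
    """One validated ROA entry as the RPKI cache hands it to the router."""
    prefix: Network
    max_length: int
    origin_as: int


def make_vrp(prefix: str, max_length: int, origin_as: int) -> VRP:
    net = ipaddress.ip_network(prefix)
    # The maximum length cannot be shorter than the ROA prefix itself.
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"bad maximum length {max_length} for {net}")
    return VRP(net, max_length, origin_as)


def validate_origin(prefix: str, origin_as: int, vrps: Iterable[VRP]) -> str:
    """Label one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route.version:
            continue
        if not route.subnet_of(vrp.prefix):
            continue  # this entry says nothing about the announced prefix
        covered = True
        if vrp.origin_as == origin_as and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one entry but matched by none: wrong AS or too long.
    return "invalid" if covered else "not-found"


def accept(state: str) -> bool:
    """Local policy assumed for this example: reject only invalid routes."""
    return state != "invalid"


# Constructed sample data: two entries for the same prefix, different origins.
SAMPLE_VRPS = [
    make_vrp("2001:db8::/32", 48, 64500),
    make_vrp("2001:db8::/32", 32, 64501),
]

# Constructed announcements as (prefix, origin AS).
SAMPLE_ANNOUNCEMENTS = [
    ("2001:db8::/32", 64500),        # matches first entry
    ("2001:db8:dc::/48", 64500),     # more specific, within maximum length
    ("2001:db8:dc:1::/64", 64500),   # longer than maximum length
    ("2001:db8::/32", 64502),        # origin AS not authorised
    ("3fff:ffff:dcdc::/48", 64500),  # no covering entry
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        up = validate_origin(prefix, asn, SAMPLE_VRPS)
        # Empty table models a router whose RTR session has been lost.
        down = validate_origin(prefix, asn, [])
        print(f"{prefix:22} AS{asn}  cache up: {up:10} cache down: {down:10} "
              f"accepted when down: {accept(down)}")
```

With an empty table every announcement becomes not-found, so a policy that only rejects invalid routes accepts the unauthorised origin until the cache data is back.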

76 RPKI Configuration

77 Topology for Origin Validation

78 Topology for Origin Validation

79 Phase I - Publishing ROA

80 Phase I - Publishing ROA

81 Phase I - Publishing ROA

82 Phase I - Publishing ROA- IPv4

83 Phase I - Publishing ROA- IPv6

84 Phase I - Check your ROA

85 Phase I - Check your ROA

86 Phase II - RPKI Validator

87 Phase II - RPKI Validator

88 Phase II - RPKI Validator

89 Phase III - Router Configuration (Juniper)

90 Phase III - Router Configuration (Juniper)

91 Phase III - Router Configuration (Juniper)

92 Check your prefix

    show route protocol bgp /24

    inet.0: destinations, routes ( active, 0 holddown, 2 hidden)
    + = Active Route, - = Last Active, * = Both

    / *[BGP/170] 01:42:11, localpref 100
        AS path: I, validation-state: valid
        > to via ge-1/0/9.0

93 Check your prefix

    show validation session
    Session State Flaps Uptime #IPv4/IPv6 records
    Up d 09:33: /1431

94 Phase III - Router Configuration (Cisco IOS)

    gw1.bne.training.apnic.net#sh running-config | b bgp
    router bgp 45192
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     bgp rpki server tcp port 8282 refresh 500
     neighbor IPv4-INTERNAL-iBGP peer-group
     neighbor IPv4-INTERNAL-iBGP remote-as 45192
     neighbor IPv4-INTERNAL-iBGP update-source Loopback0
     neighbor IPv6-INTERNAL-iBGP peer-group
    !

95 Phase III - Router Configuration (Cisco IOS)

    gw1.bne.training.apnic.net#sh bgp ipv4 unicast rpki servers
    BGP SOVC neighbor is /8282 connected to port 8282
    Flags 64, Refresh time is 500, Serial number is 174, Session ID is 62568
    InQ has 0 messages, OutQ has 0 messages, formatted msg 45
    Session IO flags 3, Session flags 4008
     Neighbor Statistics:
      Prefixes 17498
      Connection attempts: 1
      Connection failures: 0
      Errors sent: 0
      Errors received: 0

96 Phase III - Router Configuration (Cisco IOS)

    gw1.bne.training.apnic.net#sh bgp ipv6 unicast
    BGP table version is , local router ID is
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    N    ::/ :: I
    N*>  2001:67C:7C::/ :DC0:E007:10::2 i
    V*>  2001:67C:88::/ :DC0:E007:10::2 I
    I*   :660:8015::/48 2001:DC0:E007:10::2

97 Phase III - Router Configuration (Cisco IOS)

    gw1.bne.training.apnic.net#sh route-map
    route-map test-lo-pf, permit, sequence 10
      Match clauses:
        rpki invalid
      Set clauses:
        local-preference 50
      Policy routing matches: 0 packets, 0 bytes
    route-map test-lo-pf, permit, sequence 20
      Match clauses:
        rpki valid
      Set clauses:
        local-preference 200
    route-map test-lo-pf, permit, sequence 30
      Match clauses:
        rpki notfound
      Set clauses:
        local-preference 100

98 Software Bug 

99 Software Bug 

100 Unexpected Logic 

101 Inconsistent Logic 

102

103 Member Services Helpdesk
One point of contact for all member enquiries Online chat services Helpdesk hours 9:00 am - 9:00 pm (AU EST, UTC + 10 hrs) ph: fax: More personalised service Range of languages: Bahasa Indonesia, Bengali, Cantonese, English, Hindi, Mandarin, Thai, etc. Faster response and resolution of queries IP resource applications, status of requests, obtaining help in completing application forms, membership enquiries, billing issues & database enquiries

104 Thank You 

105

