some available rpki tools
play

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo - PowerPoint PPT Presentation

Jan 15, 2023 •194 likes •305 views

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13 RPKI Tools The authors believe the information already contained in the RPKI has value in itself, even for operators not

  1. Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13

  2. RPKI Tools • The authors believe the information already contained in the RPKI has value in itself, even for operators not able / not willing to run OV in their routers at this time • We believe there is a gap in the available tools that currently prevents this from being realized. • We believe in enabling and encouraging alternative use cases for the information already stored in the RPKI • There is a perceived need for better monitoring tools • We look forward to feedback from all users as to which directions tool development should follow 2 Thursday, August 1, 13

  3. Tool #1: Origin Validation LG • Goals • Ability to display and showcase the current status of RPKI deployment • Enable possible uses of RPKI without having to enable OV in routers just yet • Check proper resource usage rights when establishing peering relationships • Automating alarms 3 Thursday, August 1, 13

  4. Origin Validation LG Available at: http://www.labs.lacnic.net/rpkitools/looking_glass/ • Screen shot 4 Thursday, August 1, 13

  5. Origin Validation LG 5 Thursday, August 1, 13

  6. Origin Validation LG • Allows searching dataset by prefix, expected origin ASN as per ROAs, currently-seen origin ASN and filtering by valid / invalid • Web-friendly or machine-readable output. Queries are bookmarkable • Enables additional RPKI usage scenarios: • #1: When establishing peering relationships, parties can manually check ROA data and use it configure peering session • #2: Automate some infrastructure checks 6 Thursday, August 1, 13

  7. Tool #2: The RPKI Dashboard • [Over to Benno] 7 Thursday, August 1, 13

  8. Tool #3: The ROA Wizard User enters his/ hers LACNIC ORG-ID UY-ANTA-LACNIC 8 Thursday, August 1, 13

  9. The ROA Wizard • Allows easy ROA previewing, no login needed (i.e. can be used by ops engineers with no portal login rights) • If you have the login, you can create the detected ROA in two clicks 9 Thursday, August 1, 13

  10. A ROA to BGP prefix list ‘converter’ 10 Thursday, August 1, 13

  11. Thanks ! Thursday, August 1, 13

Recommend

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay) Chung (https://tijay.github.io) Assistant Professor Rochester Institute of Technology 1 Outlines RPKI deployment and invalid route origins

583 views • 43 slides
Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing RPKI Statistics challenges IRR Status Do we have a Research solution? Opportunities Using ARINs RPKI components @

889 views • 51 slides
AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

SECURING THE INTERNET VALIDATING ROUTING WITH RPKI AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot 2020 RPKI Feb 20 ABOUT REANNZ New Zealands NREN Engineering team of 7

662 views • 54 slides
From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny Cooper Leonid Reyzin Sharon Goldberg Boston University Aug 2014 Overview Motivation: The RPKI* (2011 to present) secures interdomain routing,

660 views • 27 slides
Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania December 10, 2019 Research supported by NSF EAGER Award #1748362 Global RPKI Deployment ASes Validating Routes 5%, 5 3%, 3 9%, 8 12%, 11 71%, 65

216 views • 8 slides
RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing Security 2 Routing Registry route objects RPKI (Resource Public Key Infrastructure) ROAs (Route Origin Authorisation) RPKI and Routing

422 views • 31 slides
RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI Overview Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 2 Simply put 3 parts - Create certificates - Install/run validator -

562 views • 17 slides
Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer

Applied Networking Research Workshop 2020 acm sigcomm Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer SIT Motivation - Resource Public Key Infrastructure (RPKI) secures the interdomain routing

586 views • 39 slides
Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0 Project: New RPKI system DNSSEC v2.0 Project: New DNSSEC signer IETF activities: Identity and join key WGs and RGs African Internet Resources

308 views • 13 slides
A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Validator http://rpki.net/ A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts Connection Counts Objects/Connection Seconds/Object Rob Austein

663 views • 32 slides
Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. IETF 89 LONDRES MARCH 2014 Fabin Meja Why and who? BGP origin validation based on RPKI is in early stages of deployment. It is necessary to

314 views • 13 slides
MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University Outline Background How does BGP work? How does RPKI work? What is the maxLength? How maxLength causes problems

741 views • 34 slides
Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston ) Key Rollover Document New doc: draC-huston-sidr-aao-profile-0-

494 views • 14 slides
Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of Connec2cut, Bar Ilan Univ, Fraunhofer SIT Joint project with Tomas Hlavacek, Yafim Kazak, Rafi Peretz, Fabian Sauer and Haya Shulman Route-Hijacking:

687 views • 36 slides
BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

Advanced Network Security BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec Startng (almost) from scratch 2 Autonomous systems (AS) Internet is divided into Autonomous Systems (AS) Controlled by

815 views • 39 slides
The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1

The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1

The Current State of DNS Resolvers and RPKI Protection By Erik Dekker and Marius Brouwer 1 Motivation Why is this research important? 2 Motivation BGP is old First RFC was published in 1989 (RFC 1105) BGP was developed in times

457 views • 28 slides
RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi Sriram Email: kent@bbn.com ;

RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi Sriram Email: kent@bbn.com ;

RPKI rsync Download Delay Modeling Steve Kent and Kotikalapudi Sriram Email: kent@bbn.com ; ksriram@nist.gov March 11, 2013 IETF-86 SIDR WG Meeting, Orlando, FL The authors wish to thank David Mandelberg, Andrew Chi, and Rob Austein for

549 views • 29 slides
An Evaluation of IPFS As A distribution Mechanism for RPKI Repository Dadepo Aderemi, Woudt van

An Evaluation of IPFS As A distribution Mechanism for RPKI Repository Dadepo Aderemi, Woudt van

An Evaluation of IPFS As A distribution Mechanism for RPKI Repository Dadepo Aderemi, Woudt van Steenbergen Supervisor: Luuk Hendriks | NLnet Labs July 2, 2020 Web DNS IPFS IPFS Primer What A peer-to-peer distributed file system that

853 views • 25 slides
RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010 Addition of Normative Language Originally the CP was an I-D. It was changed to be a regular document and as part of this the RFC 2119 keywords were

344 views • 15 slides
rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net 1 RPKI uses rsync RPKI uses rsync as its data publica>on protocol for wider

681 views • 47 slides
RPKI Tutorial MENOG 10, Dubai UAE Marco Hogewoning Trainer Goals Explain where it started

RPKI Tutorial MENOG 10, Dubai UAE Marco Hogewoning Trainer Goals Explain where it started

RPKI Tutorial MENOG 10, Dubai UAE Marco Hogewoning Trainer Goals Explain where it started Learn what resources certificates are Learn how to request a certificate Learn how to create a Route Origin Authorization Learn how to

977 views • 59 slides
Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

BFOC13. Boston University Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon Goldberg Leonid Reyzin Princeton University Boston University How Secure is Internet Routing Today? (1) I am

375 views • 14 slides
Internet Resource Certification (RPKI) Building a More Secure Internet Sint-Maarten Internet Week

Internet Resource Certification (RPKI) Building a More Secure Internet Sint-Maarten Internet Week

Internet Resource Certification (RPKI) Building a More Secure Internet Sint-Maarten Internet Week Carlos Mar2nez Cagnazzo carlos @ lacnic.net A9acks on rou;ng: IP hijacks How Internet number resources are managed IANA ARIN LACNIC APNIC

788 views • 31 slides
Tools Google, et. al. Also, Ive tended to focus on Windows-based tools (with some mention

Tools Google, et. al. Also, Ive tended to focus on Windows-based tools (with some mention

Tools Here is a list of potentially useful tools and utilities with Computer Security which to fight the onslaught of viruses, worms, Trojan horses, and other malware. Dont consider it in any way a complete list! There are lots of

1.16k views • 9 slides

More recommend