SlideShare a Scribd company logo

Improving the peering business case with RPKI

APNIC
APNIC

Presentation by Job Snijders at APRICOT 2019 on Tuesday, 26 February 2019.

Internet
1 of 20
Improving the peering business case with RPKI Job Snijders NTT Communications job@ntt.net
2 Agenda ● Traditional benefits of peering ● RPKI considerations for IP network operators ● RPKI considerations for IXP operators
3 Traditional benefits of peering Cloudflare AS 13335 Intermediate Provider AS XXX Google AS 15169 Scenario through transit, AS_PATH is 2 hops: XXX_15169 Cloudflare AS 13335 Google AS 15169 Scenario with direct peering: AS_PATH is 1 hop: _15169$ ● No dependency on the intermediate provider (simpler operations) ● Reduced cost (cross-connect often is cheaper than using an intermediate network if you are in the same building) ● Simplified capacity management ● Etc etc
4 The internet keeps connecting directly 4 2012 Source: https://labs.ripe.net/Members/mirjam/update-on-as-path-lengths-over-time
5 Hijack / misconfiguration scenario Cloudflare AS 13335 Intermediate providers Google AS 15169 Attacker AS 15562 Intermediate providersIntermediate providers 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_XXX_15169 185.25.28.0/23 13335_YYY_15169 185.25.28.0/24 13335_ZZZ_15562 (wins)
6 Hijack / misconfiguration scenario – direct peering Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 185.25.28.0/24 13335_15562 (wins)
7 Enter RPKI ROAs Prefix: 185.25.28.0/23 Prefix description: Google Country code: CH Origin AS: 15169 Origin AS Name: GOOGLE - Google LLC, US RPKI status: ROA validation successful MaxLength: 23 First seen: 2016-01-08 Last seen: 2019-02-26 Seen by #peers: 40
8 Hijack / misconfiguration scenario – RPKI ROA Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/24 13335_15562 (rejected, wrong prefix length) Cloudflare applying “invalid == reject”
9 Change of tactics: announce same prefix Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/23 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/23 13335_15562 (rejected, wrong Origin ASN) Cloudflare applying “invalid == reject”
10 Change of tactics: spoof origin – NOT EFFECTIVE! Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/23 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/23 13335_15562_15169 (not shortest AS_PATH) Cloudflare applying “invalid == reject” Spoofed Google AS 15169
11 Summary for Network Operators ● RPKI based BGP Origin Validation protects against misconfigurations ● Origin Validation blocks out more-specifics (malicious or not) ● Shortest AS_PATH is now a security feature ● Direct peering, combined with RPKI, is extremely strong!
12 Considerations for IXP operators Every IXP has a vulnerable spot: the Peering LAN Prefix Imagine DE-CIX Frankfurt – 80.81.192.0/21 Imagine I announce 80.81.192.0/24 to the Default-Free Zone If IX participants accept a more-specific of the Peering LAN Prefix, BGP packets may go the wrong place. Some BGP implementations follow the RIB/FIB for BGP packets → result – BGP sessions across IXP go down. BAD
13 IXP Operator problem space Asking everyone to filter out the Peering LAN prefix is problematic: ● what if you grow the IXP peering lan? Email everyone? ● what about stale configurations, if people don’t update? ● there are 1000+ IXPs world-wide, will all of them email everyone?
14 IXP Operator recommendation ● Create RPKI ROAs for your Peering LAN Prefixes! ● Set MaxLength to exactly the same as the prefix length ● Use Origin “AS 0” or the IXP Services ASN ● Don’t announce the Peering LAN Prefix
15 IXP Route Server considerations Source: BKNIX https://bknix.co.th
16 IXP Route Server Considerations Route Server intention is to mimick direct peering, and provide a convenience service to participants. But if you have an ASN, you have a responsibility. Applies to IXPs too! When networks create RPKI ROAs, we expect them to be honored... Customers expect excellent leadership from IXP Operators!
17 IXP Route Server Considerations We discussed the benefits of RPKI and direct peering. Therefore, IXP Route Server must deploy “RPKI Invalid == Reject” policies! No reason not to, all modern Route Server software supports RPKI: ● IXP Manager ● Arouteserver ● BIRD ● OpenBGPD
18 IXPs using RPKI based Origin Validation ● YYCIX ● INEX ● AMS-IX ● FranceIX ● DE-CIX (soon!) ● Netnod (soon!) ● Others? ● …. you? More information: http://peering.exposed/
19 Summary for IXPs IXP Operators must create RPKI ROAs for their Peering LAN Prefix IXP Operators must enforce “invalid == reject” on Route Servers
20 Questions? Ask at the microphone! Or email me at job@ntt.net

Recommended

PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina BargisenPLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina BargisenPROIDEA
 
Title Subtitle
Title SubtitleTitle Subtitle
Title Subtitlewebhostingguy
 
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜LINE Corporation
 
OSインストーラーの自作方法
OSインストーラーの自作方法OSインストーラーの自作方法
OSインストーラーの自作方法LINE Corporation
 
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE Corporation
 
Transparent eBPF Offload: Playing Nice with the Linux Kernel
Transparent eBPF Offload: Playing Nice with the Linux KernelTransparent eBPF Offload: Playing Nice with the Linux Kernel
Transparent eBPF Offload: Playing Nice with the Linux KernelOpen-NFP
 
Disaggregation in PON Network - 4
Disaggregation in PON Network - 4Disaggregation in PON Network - 4
Disaggregation in PON Network - 4Ravi Sharma
 
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...PROIDEA
 

Recommended

PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina BargisenPLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina BargisenPROIDEA
 
Title Subtitle
Title SubtitleTitle Subtitle
Title Subtitlewebhostingguy
 
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜
ソフトウェアでのパケット処理あれこれ〜何故我々はロードバランサを自作するに至ったのか〜LINE Corporation
 
OSインストーラーの自作方法
OSインストーラーの自作方法OSインストーラーの自作方法
OSインストーラーの自作方法LINE Corporation
 
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE Corporation
 
Transparent eBPF Offload: Playing Nice with the Linux Kernel
Transparent eBPF Offload: Playing Nice with the Linux KernelTransparent eBPF Offload: Playing Nice with the Linux Kernel
Transparent eBPF Offload: Playing Nice with the Linux KernelOpen-NFP
 
Disaggregation in PON Network - 4
Disaggregation in PON Network - 4Disaggregation in PON Network - 4
Disaggregation in PON Network - 4Ravi Sharma
 
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...
PLNOG14: Waltzing on that gentle trade‐off between internet routes and FIB sp...PROIDEA
 
Low-power IP: 6LoWPAN & Co.
Low-power IP: 6LoWPAN & Co.Low-power IP: 6LoWPAN & Co.
Low-power IP: 6LoWPAN & Co.Matthias Kovatsch
 
BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiInternet Society
 
OpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpen-NFP
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFNetronome
 
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Netronome
 
Whitebox Switches Deployment Experience
Whitebox Switches Deployment ExperienceWhitebox Switches Deployment Experience
Whitebox Switches Deployment ExperienceAPNIC
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
 
Contemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngContemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngMaximilan Wilhelm
 
Network Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome AgilioNetwork Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome AgilioOpen-NFP
 
Sky x technology
Sky x technologySky x technology
Sky x technologyTapesh Chalisgaonkar
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Maximilan Wilhelm
 
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Open-NFP
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureUsing Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureNetronome
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Open-NFP
 
Sky x technology
Sky x technologySky x technology
Sky x technologyjoydatta12345
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK
 
Spy x tchnology
Spy x tchnologySpy x tchnology
Spy x tchnologyAkhil Kumar
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 

More Related Content

What's hot

BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiInternet Society
 
OpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpen-NFP
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFNetronome
 
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Netronome
 
Whitebox Switches Deployment Experience
Whitebox Switches Deployment ExperienceWhitebox Switches Deployment Experience
Whitebox Switches Deployment ExperienceAPNIC
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
 
Contemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngContemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngMaximilan Wilhelm
 
Network Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome AgilioNetwork Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome AgilioOpen-NFP
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Maximilan Wilhelm
 
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Open-NFP
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureUsing Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureNetronome
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Open-NFP
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 

What's hot (20)

Low-power IP: 6LoWPAN & Co.
Low-power IP: 6LoWPAN & Co.Low-power IP: 6LoWPAN & Co.
Low-power IP: 6LoWPAN & Co.
 
BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with Akamai
 
OpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouter
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPF
 
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
 
Whitebox Switches Deployment Experience
Whitebox Switches Deployment ExperienceWhitebox Switches Deployment Experience
Whitebox Switches Deployment Experience
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet Processing
 
Contemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngContemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ng
 
Network Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome AgilioNetwork Measurement with P4 and C on Netronome Agilio
Network Measurement with P4 and C on Netronome Agilio
 
Sky x technology
Sky x technologySky x technology
Sky x technology
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutes
 
Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...
 
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureUsing Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit
 
Sky x technology
Sky x technologySky x technology
Sky x technology
 
LF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IOLF_DPDK17_mediated devices: better userland IO
LF_DPDK17_mediated devices: better userland IO
 
Spy x tchnology
Spy x tchnologySpy x tchnology
Spy x tchnology
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 

Similar to Improving the peering business case with RPKI

Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Ccna 4 final exam answer v5
Ccna 4 final exam answer v5Ccna 4 final exam answer v5
Ccna 4 final exam answer v5friv4schoolgames
 
Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Chris Grundemann
 
CGNAT Wide Screen
CGNAT Wide ScreenCGNAT Wide Screen
CGNAT Wide ScreenZCorum
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerAPNIC
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming TechniquesAPNIC
 
Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016ICT PRISTINE
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PROIDEA
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarioscarlosralli
 
PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network PROIDEA
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3gobed
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN
 
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014Đồng Quốc Vương
 
Configuration & Routing of Clos Networks
Configuration & Routing of Clos NetworksConfiguration & Routing of Clos Networks
Configuration & Routing of Clos NetworksCumulus Networks
 
Ocpeu14
Ocpeu14Ocpeu14
Ocpeu14KALRAY
 
How our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersHow our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersSteffen Gebert
 

Similar to Improving the peering business case with RPKI (20)

Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
ccna 4 final 2012
ccna 4 final 2012ccna 4 final 2012
ccna 4 final 2012
 
Ccna 4 final exam answer v5
Ccna 4 final exam answer v5Ccna 4 final exam answer v5
Ccna 4 final exam answer v5
 
Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023Peering 101 - ABQNOG1 - May2023
Peering 101 - ABQNOG1 - May2023
 
CGNAT Wide Screen
CGNAT Wide ScreenCGNAT Wide Screen
CGNAT Wide Screen
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarios
 
PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3
 
ARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities ReportARIN 34 IPv6 IAB/IETF Activities Report
ARIN 34 IPv6 IAB/IETF Activities Report
 
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
 
Configuration & Routing of Clos Networks
Configuration & Routing of Clos NetworksConfiguration & Routing of Clos Networks
Configuration & Routing of Clos Networks
 
Ocpeu14
Ocpeu14Ocpeu14
Ocpeu14
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
How our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical RoutersHow our Cloudy Mindsets Approached Physical Routers
How our Cloudy Mindsets Approached Physical Routers
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Recently uploaded

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 

Recently uploaded (20)

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptx
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 

Improving the peering business case with RPKI

  • 1. Improving the peering business case with RPKI Job Snijders NTT Communications job@ntt.net
  • 2. 2 Agenda ● Traditional benefits of peering ● RPKI considerations for IP network operators ● RPKI considerations for IXP operators
  • 3. 3 Traditional benefits of peering Cloudflare AS 13335 Intermediate Provider AS XXX Google AS 15169 Scenario through transit, AS_PATH is 2 hops: XXX_15169 Cloudflare AS 13335 Google AS 15169 Scenario with direct peering: AS_PATH is 1 hop: _15169$ ● No dependency on the intermediate provider (simpler operations) ● Reduced cost (cross-connect often is cheaper than using an intermediate network if you are in the same building) ● Simplified capacity management ● Etc etc
  • 4. 4 The internet keeps connecting directly 4 2012 Source: https://labs.ripe.net/Members/mirjam/update-on-as-path-lengths-over-time
  • 5. 5 Hijack / misconfiguration scenario Cloudflare AS 13335 Intermediate providers Google AS 15169 Attacker AS 15562 Intermediate providersIntermediate providers 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_XXX_15169 185.25.28.0/23 13335_YYY_15169 185.25.28.0/24 13335_ZZZ_15562 (wins)
  • 6. 6 Hijack / misconfiguration scenario – direct peering Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 185.25.28.0/24 13335_15562 (wins)
  • 7. 7 Enter RPKI ROAs Prefix: 185.25.28.0/23 Prefix description: Google Country code: CH Origin AS: 15169 Origin AS Name: GOOGLE - Google LLC, US RPKI status: ROA validation successful MaxLength: 23 First seen: 2016-01-08 Last seen: 2019-02-26 Seen by #peers: 40
  • 8. 8 Hijack / misconfiguration scenario – RPKI ROA Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/24 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/24 13335_15562 (rejected, wrong prefix length) Cloudflare applying “invalid == reject”
  • 9. 9 Change of tactics: announce same prefix Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/23 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/23 13335_15562 (rejected, wrong Origin ASN) Cloudflare applying “invalid == reject”
  • 10. 10 Change of tactics: spoof origin – NOT EFFECTIVE! Cloudflare AS 13335 Google AS 15169 Attacker AS 15562 185.25.28.0/23 185.25.28.0/23 Paths from AS 13335 perspective: 185.25.28.0/23 13335_15169 (wins) 185.25.28.0/23 13335_15562_15169 (not shortest AS_PATH) Cloudflare applying “invalid == reject” Spoofed Google AS 15169
  • 11. 11 Summary for Network Operators ● RPKI based BGP Origin Validation protects against misconfigurations ● Origin Validation blocks out more-specifics (malicious or not) ● Shortest AS_PATH is now a security feature ● Direct peering, combined with RPKI, is extremely strong!
  • 12. 12 Considerations for IXP operators Every IXP has a vulnerable spot: the Peering LAN Prefix Imagine DE-CIX Frankfurt – 80.81.192.0/21 Imagine I announce 80.81.192.0/24 to the Default-Free Zone If IX participants accept a more-specific of the Peering LAN Prefix, BGP packets may go the wrong place. Some BGP implementations follow the RIB/FIB for BGP packets → result – BGP sessions across IXP go down. BAD
  • 13. 13 IXP Operator problem space Asking everyone to filter out the Peering LAN prefix is problematic: ● what if you grow the IXP peering lan? Email everyone? ● what about stale configurations, if people don’t update? ● there are 1000+ IXPs world-wide, will all of them email everyone?
  • 14. 14 IXP Operator recommendation ● Create RPKI ROAs for your Peering LAN Prefixes! ● Set MaxLength to exactly the same as the prefix length ● Use Origin “AS 0” or the IXP Services ASN ● Don’t announce the Peering LAN Prefix
  • 15. 15 IXP Route Server considerations Source: BKNIX https://bknix.co.th
  • 16. 16 IXP Route Server Considerations Route Server intention is to mimick direct peering, and provide a convenience service to participants. But if you have an ASN, you have a responsibility. Applies to IXPs too! When networks create RPKI ROAs, we expect them to be honored... Customers expect excellent leadership from IXP Operators!
  • 17. 17 IXP Route Server Considerations We discussed the benefits of RPKI and direct peering. Therefore, IXP Route Server must deploy “RPKI Invalid == Reject” policies! No reason not to, all modern Route Server software supports RPKI: ● IXP Manager ● Arouteserver ● BIRD ● OpenBGPD
  • 18. 18 IXPs using RPKI based Origin Validation ● YYCIX ● INEX ● AMS-IX ● FranceIX ● DE-CIX (soon!) ● Netnod (soon!) ● Others? ● …. you? More information: http://peering.exposed/
  • 19. 19 Summary for IXPs IXP Operators must create RPKI ROAs for their Peering LAN Prefix IXP Operators must enforce “invalid == reject” on Route Servers
  • 20. 20 Questions? Ask at the microphone! Or email me at job@ntt.net