RPKI Week 2022

To highlight the importance of Resource Public Key Infrastructure (RPKI) and encourage network operators to take concrete steps to improve routing security, we will host RPKI Week 2022 from 4-7 July 2022.

RPKI helps prevent Internet routing incidents like prefix hijacking and route leaks. It allows an entity to cryptographically verify that an autonomous system (AS) is authorized to originate a prefix, thus reducing incidents that can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more.

We will bring together partners from across the Internet routing ecosystem to launch tools, provide educational materials, and facilitate discussion and build awareness about routing security.

The event will take place via Zoom and be live-streamed and recorded for later viewing.

Day 1: Monday, 4 July

RPKI and IRR Explorer Tutorial #1

13:00-15:00 UTC

This tutorial will help you understand RPKI from the ground up. We will define issues around routing security and explore how some of those issues can be solved or mitigated by using RPKI. The tutorial requires knowledge about BGP, and will help you understand how you could implement RPKI in your network, from creating ROAs, to understanding how to run validators, and ultimately how to configure Route Origin Validation (ROV). There will be demos for all these actions.

Presenters: Max Stucchi and Teun Vink

Day 2: Tuesday, 5 July

Routing Resiliency Research Roundup

12:00-13:30 UTC

The correct data set helps us make the right decisions to improve the security and resiliency of the global routing table. In this session, we will explore new tools the MANRS research team is building and some other tools our partners are developing.

New Tool: Shutdown and Hijack Measurement and Identification Tool (SHMIT)

This new tool offers better insight into when and how anomalies in BGP happen. Written in python, it leverages publicly available data such as route objects, RPKI, and the RIS Live streaming API. We’ll explore the architecture, the functionality, and the goals of the tool.

Presenter: Max Stucchi

New Tool: Route Collector

This new tool leverages open source software to perform validation of Action 1 of the MANRS for Network Operators Program. MANRS participants will be able to set up BGP sessions toward one or more collectors and have insight into whether or not their filters are working properly. This data will be then reported in the MANRS Observatory and will be available through the reports.

Presenter: Max Stucchi

ROA Historical eXplorer

This tool retrieves historical ROAs from the RIPE RPKI archive based on a prefix and/or AS number provided by the user.

PyBGPKIT API

This tool provides an API that leverages the BGPKIT parser to process MRT dump files from route collector projects (Route Views or RIPE RIS).

Presenter: Mingwei Zhang

A One-Year Review of RPKI Operations

This presentation is about the lessons learnt from a 1-year review of RPKI operations and monitoring by NTT using BGPAlerter.

Presenter: Massimo Candela

Quiz & Prizes

Session Moderator: Amreesh Phokeer

Day 3: Wednesday, 6 July

RPKI and IRR Explorer Tutorial #2

06:00-08:00 UTC

This tutorial will help you understand RPKI from the ground up. We will define issues around routing security and explore how some of those issues can be solved or mitigated by using RPKI.  The tutorial requires knowledge about BGP, and will help you understand how you could implement RPKI in your network, from creating ROAs, to understanding how to run validators, and ultimately how to configure Route Origin Validation (ROV).  There will be demos for all these actions.

Presenters: Max Stucchi and Teun Vink

Roadblocks to RPKI Deployment

12:00-13:30 UTC

RPKI allows holders of Internet number resources to make cryptographically verifiable statements about how they intend to use their resources. In this panel we are not going to discuss RPKI as a technology itself, but the administrative impact and concerns around it and what measures are required to improve the usability and increase the deployment. We’ll hear from the Regional Internet Registries (RIRs) running RPKI behind the scenes and responsible for making it look so simple.  

Quiz & Prizes

Moderator: Andrew Gallo (GWU)

Panelists: David Njuki (AFRINIC), Karla Skarda (APNIC), Brad Gorman (ARIN), Carlos Martinez (LACNIC), Nathalie Trenaman (RIPE NCC)

Day 4: Thursday, 7 July

Future Developments in Routing Security

12:00-14:00 UTC

Every year, we investigate incidents that emphasize the vulnerability of the whole Internet routing ecosystem and how most of these incidents could be avoided. Fortunately, there are reasons to believe these issues will be solved by following best operational practices and improving the protocols on which the global routing relies heavily. In this session, we will explore current developments in this space that will help make the global routing ecosystem more resilient and secure.

How BGPSEC Can Become a Reality

Presenter: Job Snijders

SAVNET: Towards More Accurate Source Address Validation in the Internet

Presenter: Dan Li, Professor, Tsinghua University

Source address spoofing is one of the major security threats in the Internet. Attackers can easily carry out reflection attacks, and hide themselves behind the forged source address. The current practice of source address validation (SAV) mechanism in the Internet, namely, uRPF based technology, lacks validation accuracy in routing asymmetry scenarios. We propose SAVNET, a scalable approach to accurately generating SAV tables in the Internet. The basic idea of SAVNET is to accurately discover the real data forwarding path by exchanging necessary information among routers and ASes. SAVNET can be realized by extending existing intra-domain and inter-domain routing protocols.

Quiz & Prizes

Moderator: Melchior Aelmans (Juniper)