# APRICOT 2020: RPKI Deployathon Agenda # ## Time Schedule ## |Schedule |Time | |------------------|----------------| |Session 1 |09:30 - 11:00 | |Break |11:00 - 11:30 | |Session 2 |11:30 - 13:00 | |Lunch |13:00 - 14:00 | |Session 3 |14:00 - 16:00 | |Break |16:00 - 16:30 | |Session 4 |16:30 - 18:00 | # Facilitators # | Name | Email | Organization | Country | |----|-----------------------|----------------------------|--------------|---------------| | Md Abdul Awal | awal(at)nsrc(dot)org | [NSRC](https://nsrc.org/) | Bangladesh | | Philip Smith | philip(at)nsrc(dot)org | [NSRC](https://nsrc.org/) | Australia | | Aftab Siddiqui | | [ISOC](https://isoc/org/) | Australia | | Warren Finch | | [APNIC](https://apnic.net/) | Australia | | Tashi Phuntsho | | [APNIC](https://apnic.net/) | Australia | | Taiji Kimura | | [JPNIC](https://nic.ad.jp/) | Japan | | Mark Tinka | | [SEACOM](https://seacom.mu/) | South Africa | ## Sessions ## | MONDAY | Topic | Inst | Presentations | Exercises | |------------------------|---------------------------|---------|---------------------------------------------------|----------------------------------------| | Session 1.1 | What the Deployathon is about | PS | | | | Session 1.2 | Why Routing Security | TP | | | | | Discussion: Minimal ROAs, Max Length issues | All | | | | Session 1.3 | Signing ROAs (demo using APNIC Training prefixes) | TP | | | | | Discussion: How to sign Historical Address Space | MT | | | | Session 2.1 | Exercise: Build/Install Validators | All | | [IP Addressing](content/ip-addresses.pdf) | | | Routinator, RIPE NCC validator, Cloudflare, FORT | All | | | | Session 2.2 | Exercise: Validator talking to Routers | All | | | | | Cisco IOS/IOS-XR, Juniper, Nokia, Arista, FRR, BIRD, etc | All | | | | Session 3.1 | Exercise: ROV and vendor interop | All | | | | | Exercise: Best path and conflicting ROA states | | | | | | Exercise: Propagating RPKI state | | | | | | Exercise: RTBH with RPKI | | | | | Session 3.2 | Discussion: Validator deployment models / redundancy | PS | | | | | Discussion: ROV and Default Routes | TP | | | | Session 4.1 | Discussion: Group Discussion | All | | | | | Group Work about RPKI Deployment | TK | | [Paper 1](https://forms.gle/U5uV25QowLfzK4b59) | | | Group Work about RPKI Deployment | TK | | [Paper 2](https://forms.gle/hDsweqkmKgBrCVGm7) | | | Hot Topic Summary areas for Tuesday | All | | | ## Assignments ## | Group | Address1 | Validator1 | Address2 | Validator2 | Border | Address | Core | Address | ASN | Address Block | |-------|----------|------------|----------|------------|---------|---------|--|--|---|----| | 1 | 10.10.0.11 | RIPE | 10.10.0.51 | Routinator | MX204 | 10.10.0.41 | ASR1002 | 10.10.0.45 | 135533 | 61.45.248.0/24 | | 2 | 10.10.0.12 | Routinator | 10.10.0.52 | Cloudflare | Nokia | 10.10.0.47 | MX204 | 10.10.0.42 | 135534 | 61.45.249.0/24 | | 3 | 10.10.0.13 | Cloudflare | 10.10.0.53 | FORT | CSRv | 10.10.0.24 | MX204 | 10.10.0.43 | 135535 | 61.45.250.0/24 | | 4 | 10.10.0.14 | FORT | 10.10.0.54 | RIPE | MX204 | 10.10.0.44 | XRv->CSRv | 10.10.0.21 | 135536 | 61.45.251.0/24 | | 5 | 10.10.0.15 | RIPE | 10.10.0.55 | Routinator | ASR1002 | 10.10.0.46 | XRv->CSRv | 10.10.0.25 | 135537 | 61.45.252.0/24 | | 6 | 10.10.0.16 | Routinator | 10.10.0.56 | Cloudflare | CSRv | 10.10.0.22 | XRv->CSRv | 10.10.0.23 | 135538 | 61.45.253.0/24 | | 7 | 10.10.0.17 | Cloudflare | 10.10.0.57 | FORT | CSRv | 10.10.0.26 | Nokia | 10.10.0.31 | 135539 | 61.45.254.0/24 | | 8 | 10.10.0.18 | FORT | 10.10.0.58 | RIPE | XRv->CSRv | 10.10.0.27 | Nokia | 10.10.0.32 | 135540 | 61.45.255.0/24 | ## Additional Information ## - [RFC8212 - Default External BGP (EBGP) Route Propagation Behavior without Policies](https://tools.ietf.org/html/rfc8212) - [Internet Routing Security Best Practices for Network Operators (MANRS)](https://www.manrs.org/manrs/) - [RIPE 706 MANRS Implementation Guide](https://www.ripe.net/publications/docs/ripe-706) - [BCP 38 - Network Ingress Filtering to Defeat Denial of Service Attacks which employ IP Source Address Spoofing](https://tools.ietf.org/html/bcp38) - [RFC7454 - BGP Operations Security](https://tools.ietf.org/html/rfc7454) - [NLnetLabs Routinator Installation Instructions](https://github.com/NLnetLabs/routinator/blob/master/README.md) - [RFC7115 - Origin Validation Operation Based on the Resource Public Key Infrastructure (RPKI)](https://tools.ietf.org/html/rfc7115) - [RFC8097 - BGP Prefix Origin Validation State Extended Community](https://tools.ietf.org/html/rfc8097)