The RPKI and You
Time 10/26/14 01:00PM-04:00PM
BGP Origin Validation based on the Resource Public Key Infrastructure
(RPKI) is in production, all RIRs have services, Cisco and Juniper
have shipping code, operators are deploying. It protects against
accidental mis-origination, the most common routing error we see
today. There are many RFCs.
We will explain the RPKI and the protection it provides against
mis-originations and the ongoing IETF work.
We will demonstrate the RPKI work-flow for using the full
implementation in open source RPKI software from GUI to running
router. There are essentially two components:
- The Certification Authority (CA), whereby an Internet Registry (NIR,
large ISP, etc.) issues certificates for 'customers' and allows
customers to use the CA's web GUI to issue Routing Origin
Authorizations (ROAS) for their prefixes.
- Relying Party (RP) software which gathers the data from the CAs and
gives operators tools to use the data in the NOC and directly in
routers to validate BGP announcements.
In this workshop, operators can build and use the entire system, end
to end. Participants can build RP software (you will need a server
somewhere on the net), run it, and watch the effect on BGP routing on
real routers on the real Internet. Participants can install CA software
on their servers and use it to manage certification, customers, etc.
Speaker Rob Austein Dragon Research Labs
Primary track Security
Secondary tracks Advanced Networking/Joint Techs