BGP Routing Security Training Course
Description
BGP Routing Security is a one-day course covering different aspects of the security of BGP protocol. The participant will gain insight and a high-level understanding of the need for security in BGP, the main threats it faces and the main security measures that can be applied nowadays. Some future developments on the topic will also be covered. The course includes theory and hands-on exercises.
In order to attend this course you need a good knowledge of TCP/IP and IP routing, experience with routing protocols (IGPs but mostly BGP), and an understanding of the different BGP routing relationships (Peer, Provider, IXP peering, Customer).
You should attend this training course if you are using, or plan to use, BGP in your network and want to know more about the potential threats and the security solutions available to make your BGP routing more secure.
Pre-requisites
- Ability to use a CLI to configure routers
For this course, you should know about:
- TCP/IP and IP routing
- Classless Inter-Domain Routing (CIDR)
- BGP protocol, BGP attributes, and BGP communities
- BGP routing relationships: Peer, Provider, IXP peering, Customer
Course content
-
The Need for BGP Security
-
Is BGP Secure?
-
Analyse BGP Threats and Attacks
-
Vulnerabilities of the BGP Protocol
-
Causes of BGP Incidents
-
BGP Security Measures
-
Protection of BGP Sessions
-
Exercise: Securing BGP Sessions
-
Implementing Route Filtering
-
Exercise: Creating BGP Prefix Filters
-
Exercise: Filtering AS-Path and number of prefixes
-
Registering in the IRR System
-
Exercise: Creating Route(6) Objects
-
Implementing RPKI
-
Exercise: Creating ROAs
-
Exercise: BGP Origin Validation with RPKI
-
Next Steps for BGP Routing Security
-
Best Practices
Goals
- Identify the inherent vulnerabilities of BGP
- Identify the causes of BGP incidents, their types and their impact
- Identify the recommended security measures for preventing accidental and intentional BGP routing incidents
- Choose suitable security measures related to B sessions
- Identify the purpose of BGP filtering and how it can be used to improve BGP routing security
- Choose the appropriate methods for implementing BGP filters
- Define BGP filter recommendations based on routing relationships
- Identify the purpose of the Internet Routing Registry (IRR) and how it can be used to improve BGP routing security
- Register routing information in the RIPE Database based on routing relationships
- Identify the purpose of RPKI and how it can be used to improve BGP routing security
- Identify elements of the RPKI infrastructure
- Register routing information in the RPKI dashboard by creating a ROA
- Identify differences between available RPKI deployment options
- Validate BGP announcements by using RPKI information (BGP OV)
- Use RPKI data to discard BGP Invalids
- Understand future BGP security challenges and potential solutions