There are thousands of routing incidents every year… Some of them are the result of typos but some are intentional. Attackers can redirect traffic to their own network causing all traffic to be blackholed or rerouted as per their own intentions. This gives attackers the opportunity to intercept, inspect and modify traffic. These routing incidents can disrupt services, and cause security leaks and financial losses. Regardless of whether the incident is intentional (or not), the end result is always the same - global internet routing infrastructure is affected!
Several protection mechanisms have been introduced to maintain stability and strengthen the security of the global routing system by reducing BGP hijacks and route leaks. This one-day BGP Security course explains the vulnerabilities of the BGP protocol and discusses the counter-measures that should be deployed to prevent accidental and intentional BGP incidents. Several security measures such as Internet Routing Registries (IRRs), filtering and RPKI will be covered in detail and several activities will support the explanations to reinforce theory through practice.
You should attend this training course if you are part of the technical staff at a Local Internet Registry (LIR) in the RIPE NCC service region. This is particularly relevant to those who work with multi-provider connectivity and would like to learn how to secure BGP routing and contribute to global routing security. This course is not intended for administrative or management staff (such as hostmasters). The BGP security course focuses only on the security aspects of the BGP routing protocol. We expect you to be already familiar with the fundamentals of BGP if you register for this course.
IMPORTANT: This is an advanced course, which requires a good understanding of TCP/IP, routing protocols and BGP knowledge.
- Activity: Create route(6) objects
- Activity: Defining Filters
- Registering in the RPKI System
- Activity: Creating ROAs
- RPKI Validation: Deploying RPKI Validators
- Activity: Running Validators
- RPKI Validation: Validating BGP Announcements
- Activity: BGP Origin Validation with RPKI