SlideShare ist ein Scribd-Unternehmen logo

RPKI ROA updates

Bangladesh Network Operators Group
Bangladesh Network Operators Group

RPKI ROA updates

Technologie
1 von 20
Downloaden Sie, um offline zu lesen
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates RPKI ROA updates Anurag Bhatia, Hurricane Electric (AS6939)
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Starts with tweet from my friend Awal
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? ● How can I cross validate his claim? ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? ● If true and nothing done more of this will show up!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? <- Unfortunately he was correct ● How can I cross validate his claim? <- I actually did, more on this soon... ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? <- That can reflect in absolute numbers but not in relative percentage numbers ● If true and nothing done more of this will show up! <- No, and here I am to talk about it! :-)
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Validating the claim that India was lacking behind...
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates How to do RPKI validation of a country? Find all prefixes originated by that country with origin ASNs and run them against a validator. Simple right?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. 3. How to store the output and track it over time?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges Solutions with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? <- Instead of prefixes, start with ASN from RIR delegation file. And do ASN -> Prefix mapping 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. <- Used rpki api binary from Louis Poinsignon (Cloudflare) - https://github.com/lspgn/rpki-api 3. How to store the output and track it over time? <- Store data in a MySQL database & analyse output using Grafana
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates More details on RPKI validator lookup ● RIPE RIS is used for raw data to map ASNs to prefixes. ● Data is formatted in csv & queries in a GraphQL format to RPKI API. ● Can scan entire global routing table in 3-4mins! (IN table takes a few seconds) ● Lookup is triggered using Ansible AWX instance. Gives cron like capability but with notification & more. ● Fair amount of code was re-used which I put internally @work to keep an eye on our own routing table as we were deploying RPKI validation across Hurricane Electric’s AS6939 backbone. ● Everything is containerized with Docker
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates If it takes a few seconds on IN, why not scan entire South Asia?
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Presenting rpki.anuragbhatia.com !!!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats from July 2020 Warning: 6 months old data!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats now!
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Growth of RPKI Valids in Asia
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - absolute signed prefixes
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - % signed prefixes
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Indian RPKI invalids
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI ROA public data Public data specific to Bangladesh - https://rpki.anuragbhatia.com/d/F2f3geu7k/bangladesh-rpki-public-data?orgId=1
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Some more details about Grafana ● Used it as frontend for this data. Essentially supports showing data in any form like graphs, table, time data etc. ● Supports different set of data sources including InfluxDB, MySQL, and lot more. ● Open source and free to use in self hosted format. Besides RPKI tool, also used it on RIPE Atlas data export. ● Supports authentication to give restricted access as well as making data available out in public without any authentication.
Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Questions/Feedback/Suggestions? Anurag Bhatia anurag@he.net he.net

Empfohlen

Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricBangladesh Network Operators Group
 
RPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuMyNOG
 
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshBangladesh Network Operators Group
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itAPNIC
 
Innovative Power Saver
Innovative Power SaverInnovative Power Saver
Innovative Power SaverMustafa Shahid
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKIAPNIC
 
Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNsAPNIC
 

Empfohlen

Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricBangladesh Network Operators Group
 
RPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuRPKI Service Updates by Brenda Buwu
RPKI Service Updates by Brenda BuwuMyNOG
 
APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC RPKI Service Update: MyIX/MyNOG 2017
APNIC RPKI Service Update: MyIX/MyNOG 2017APNIC
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshBangladesh Network Operators Group
 
HKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itHKNOG 7.0: RPKI - it's time to start deploying it
HKNOG 7.0: RPKI - it's time to start deploying itAPNIC
 
Innovative Power Saver
Innovative Power SaverInnovative Power Saver
Innovative Power SaverMustafa Shahid
 
Secure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKISecure Inter-domain Routing with RPKI
Secure Inter-domain Routing with RPKIAPNIC
 
Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNsAPNIC
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net ToolsBangladesh Network Operators Group
 
Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0Knoldus Inc.
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinMyNOG
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APNIC
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]Mikhail Asavkin
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TAAPNIC
 
VNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingVNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingAPNIC
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesAPNIC
 
SGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesSGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesAPNIC
 
AS15169 External Route Filtering
AS15169 External Route FilteringAS15169 External Route Filtering
AS15169 External Route FilteringAPNIC
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingAPNIC
 
LkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingLkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingAPNIC
 
mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing APNIC
 
Real-time GraphQL in Angular app
Real-time GraphQL in Angular appReal-time GraphQL in Angular app
Real-time GraphQL in Angular appMikhail Asavkin
 
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJBangladesh Network Operators Group
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshBangladesh Network Operators Group
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidBangladesh Network Operators Group
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTBangladesh Network Operators Group
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductBangladesh Network Operators Group
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentBangladesh Network Operators Group
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022Bangladesh Network Operators Group
 

Weitere ähnliche Inhalte

Ähnlich wie RPKI ROA updates

Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0Knoldus Inc.
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinMyNOG
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APNIC
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]Mikhail Asavkin
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TAAPNIC
 
VNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingVNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingAPNIC
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesAPNIC
 
SGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesSGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesAPNIC
 
AS15169 External Route Filtering
AS15169 External Route FilteringAS15169 External Route Filtering
AS15169 External Route FilteringAPNIC
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingAPNIC
 
LkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingLkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingAPNIC
 
mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing APNIC
 
Real-time GraphQL in Angular app
Real-time GraphQL in Angular appReal-time GraphQL in Angular app
Real-time GraphQL in Angular appMikhail Asavkin
 

Ähnlich wie RPKI ROA updates (14)

RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
 
Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0Introduction to Apache Spark 2.0
Introduction to Apache Spark 2.0
 
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. ServinInitial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin
 
APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives APAN 50: RPKI industry trends and initiatives
APAN 50: RPKI industry trends and initiatives
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
 
Transitioning to a single TA
Transitioning to a single TATransitioning to a single TA
Transitioning to a single TA
 
VNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet RoutingVNIXNOG 2019: Securing Internet Routing
VNIXNOG 2019: Securing Internet Routing
 
PhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the PhilippinesPhNOG 2020: ROA and RPKI in the Philippines
PhNOG 2020: ROA and RPKI in the Philippines
 
SGNOG2 - APNIC Updates
SGNOG2 - APNIC UpdatesSGNOG2 - APNIC Updates
SGNOG2 - APNIC Updates
 
AS15169 External Route Filtering
AS15169 External Route FilteringAS15169 External Route Filtering
AS15169 External Route Filtering
 
SANOG 34: Securing Internet Routing
SANOG 34: Securing Internet RoutingSANOG 34: Securing Internet Routing
SANOG 34: Securing Internet Routing
 
LkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet RoutingLkNOG 3: Securing Internet Routing
LkNOG 3: Securing Internet Routing
 
mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing mnNOG 1: Securing internet Routing
mnNOG 1: Securing internet Routing
 
Real-time GraphQL in Angular app
Real-time GraphQL in Angular appReal-time GraphQL in Angular app
Real-time GraphQL in Angular app
 

Mehr von Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

Mehr von Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
 

Kürzlich hochgeladen

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Kürzlich hochgeladen (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

RPKI ROA updates

  • 1. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates RPKI ROA updates Anurag Bhatia, Hurricane Electric (AS6939)
  • 2. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Starts with tweet from my friend Awal
  • 3. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? ● How can I cross validate his claim? ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? ● If true and nothing done more of this will show up!
  • 4. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Thoughts after looking at the tweet... ● Is Awal correct? <- Unfortunately he was correct ● How can I cross validate his claim? <- I actually did, more on this soon... ● India has highest number of ASNs & IP prefixes in South Asia. Can that impact these results? <- That can reflect in absolute numbers but not in relative percentage numbers ● If true and nothing done more of this will show up! <- No, and here I am to talk about it! :-)
  • 5. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Validating the claim that India was lacking behind...
  • 6. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates How to do RPKI validation of a country? Find all prefixes originated by that country with origin ASNs and run them against a validator. Simple right?
  • 7. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. 3. How to store the output and track it over time?
  • 8. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Challenges Solutions with RPKI validation at country level 1. How do you map prefixes to a given country? What should be the starting point? <- Instead of prefixes, start with ASN from RIR delegation file. And do ASN -> Prefix mapping 2. Running check sequentially against a RPKI validator is slow. When done for thousands of prefixes it’s actually very slow. <- Used rpki api binary from Louis Poinsignon (Cloudflare) - https://github.com/lspgn/rpki-api 3. How to store the output and track it over time? <- Store data in a MySQL database & analyse output using Grafana
  • 9. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates More details on RPKI validator lookup ● RIPE RIS is used for raw data to map ASNs to prefixes. ● Data is formatted in csv & queries in a GraphQL format to RPKI API. ● Can scan entire global routing table in 3-4mins! (IN table takes a few seconds) ● Lookup is triggered using Ansible AWX instance. Gives cron like capability but with notification & more. ● Fair amount of code was re-used which I put internally @work to keep an eye on our own routing table as we were deploying RPKI validation across Hurricane Electric’s AS6939 backbone. ● Everything is containerized with Docker
  • 10. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates If it takes a few seconds on IN, why not scan entire South Asia?
  • 11. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Presenting rpki.anuragbhatia.com !!!
  • 12. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats from July 2020 Warning: 6 months old data!
  • 13. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Asian stats now!
  • 14. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Growth of RPKI Valids in Asia
  • 15. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - absolute signed prefixes
  • 16. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI signed growth - % signed prefixes
  • 17. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Indian RPKI invalids
  • 18. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Bangladesh RPKI ROA public data Public data specific to Bangladesh - https://rpki.anuragbhatia.com/d/F2f3geu7k/bangladesh-rpki-public-data?orgId=1
  • 19. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Some more details about Grafana ● Used it as frontend for this data. Essentially supports showing data in any form like graphs, table, time data etc. ● Supports different set of data sources including InfluxDB, MySQL, and lot more. ● Open source and free to use in self hosted format. Besides RPKI tool, also used it on RIPE Atlas data export. ● Supports authentication to give restricted access as well as making data available out in public without any authentication.
  • 20. Anurag Bhatia - Hurricane Electric - RPKI ROA Updates Questions/Feedback/Suggestions? Anurag Bhatia anurag@he.net he.net