NANOG Meeting Presentation Abstract
Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
Meeting: NANOG67
Date / Time: 2016-06-13 3:00pm - 5:00pm
Room: Gold Room (2nd Floor)
Presenters:
Moderators:
Sandra Murphy, Parsons, Inc.
Sandra Murphy has been working in security for distributed systems, particularly routing systems, for two decades. She has been an active NANOG participant since NANOG33 and has been working on the RPKI-based security solution for BGP in the IETF, NANOG, and RIR communities. She is co-chair of the SIDR working group in the IETF.

Doug Montgomery, National Institute of Standards and Technology (NIST)
Manager of the Internet and Scalable Systems Metrology Group within the Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST). In that role I provide technical leadership to NIST's current research and standardization efforts in Internet Infrastructure Protection (e.g., Naming and Routing Security, Internet Protocol security); scalable addressing and routing technologies (e.g., IPv6, new routing architectures); and measurement, modeling and analysis of macroscopic behaviors (e.g., complex systems analysis) within the Internet system.

Panelists:
Tony Tauber, Comcast
In his role as Distinguished Engineer at Comcast, Tony focuses on Backbone and Core network architecture and engineering with particular attention to measurement, manageability, and automation. He also partners with the research and education communities on projects and currently chairs the NANOG Program Committee.
In the past Tony held senior network engineering positions at BBN, GTE Internetworking, Genuity, Level3, and MIT Lincoln Lab as well as served as co-chair of the Routing Protocol Security working group in the IETF.

Rick Mayberry, Microsoft
My passion is primarily around securing large networks and, for the majority of my career, I’ve worked for Internet Service Providers (ISP). My secondary interests are network engineering and network technology, cloud and virtualization, measuring security program effectiveness and enabling product teams to build secure products through repeatable processes, patterns and shared services (security architecture). I am not your typical counter-culture, paranoid, policy or compliance security professional. I believe security is just another delivery organization within larger IT/Engineering. I believe a security organization should deliver horizontal shared services that can be leveraged by other IT initiatives and accelerate product or service delivery. I also am a strong believer that security is a means to increased availability – especially within a service provider environment.

John Scudder, Juniper Networks
John Scudder is a Distinguished Engineer at Juniper Networks. He has worked in the Internet industry since 1990, when he joined the Internet Engineering team at Merit Network, Inc., doing network engineering and support for the NSFNET. Since then he has worked at a variety of Internet companies, large and small. His interests include routing protocols, particularly BGP, and routing security. He co-chairs the IETF IDR (which standardizes BGP and its extensions) and SPRING (segment routing) working groups, and is a past co-chair of the IETF Routing Area working group. John's first NANOG was in 1990 or so, when it was still called Regional-Techs.

Thomas King
Thomas King was Head of the Research & Development department at DE-CIX until the end of 2015. Since 2016, Thomas King has been promoted to the newly created position of CIO of DE-CIX.

Henk Steenman, AMS-IX
Henk Steenman has been CTO at AMS-IX since the end of 2001.

Greg Hankins, Nokia
Greg Hankins has been attending NANOG since 1998, first as a network operator and now as a hardware vendor. He also attends APRICOT, Euro-IX, various Peering Forums, RIPE, and regional operator conferences where he frequently speaks on network technology and operational topics. Greg currently works as a Senior Product Manager for Nokia.

Mark Kosters, ARIN
Mark Kosters is the CTO of the American Registry for Internet Numbers (ARIN), responsible for all engineering initiatives within the organization, leading both development and operations. Mark has over twenty-seven years of experience as an applications developer, networking engineer, technical manager and executive.
Over the last twenty-two years, he has been a senior engineer at Data Defense Network (DDN) NIC, chief engineer and Principal Investigator under the NSF-sponsored Internet NIC (InterNIC), Vice President of Research at VeriSign, and now CTO of ARIN. Over his career, Mark has been involved in application design and implementation of core internet client/server tools, router administration, UNIX system administration, database administration, and network security. He has represented both network information centers in various technical forums such as the IETF, RIPE, APNIC, CaribNOG and NANOG.

Arjun Sreekantiah, Cisco

Keyur Patel, Cisco
Keyur Patel is a Distinguished Engineer at Cisco with focus on BGP routing. Keyur is the architect for the Cisco IOS BGP origin AS validation feature and a key contributor on the standardization process in the IETF. Keyur has 6 published RFCs and more than 30 working documents in this area.

Matthias Wählisch, Freie Universitaet Berlin
Matthias Wählisch is a senior research scientist at Freie Universität Berlin, heading the research activities on Internet technologies. His research and teaching focus on efficient, reliable, and secure Internet communication. This includes the design and evaluation of networking protocols and architectures, as well as Internet measurements and analysis. His efforts are driven by transforming solid research into practice, trying to improve Internet-based communication. In addition to scientific contributions, Matthias is also involved in the IETF, where he co-authored several Internet drafts and six RFCs. He also co-founded several open source projects such as RTRlib and RPKI MIRO.

Abstract: Malicious BGP route hijacks and accidental mis-originations continue to threaten the security and robustness of the global Internet. Over the last several years the IETF, RIRs, router vendors, and researchers have developed and implemented an approach to BGP origin validation based upon a global resource public key infrastructure (RPKI) that permits operators anywhere in the Internet to detect unauthorized route announcements and implement local policies to mitigate (e.g., filter) these events.
This track will examine the current state of RPKI Origin Validation (ROV) technologies: products, services, implementations, configurations, and tool sets that could be useful to operators in planning, deploying, and monitoring ROV use in their networks. Actual operational experiences with ROV deployment will be described as well as issues that need to be addressed to further operational deployment.
1. RPKI Introduction
Doug Montgomery / Sandy Murphy
2. RPKI hosted services
Mark Kosters, CTO ARIN
3. RPKI Implementations
Doug Montgomery / Sandy Murphy
4. Router Vendor Implementations
Cisco / Juniper / Alcatel Greg Hankins
5. RPKI Test, Training, Monitoring, Management tools.
Matthias Wählisch, Doug Montgomery, Sandy Murphy
6. Deployment Experiences Panel (30 min)
JR Mayberry/Microsoft, Tony Tauber/Comcast, Thomas King/DE-CIX
Files:
Hankins (PDF)
King (PDF)
Kosters (PDF)
Mayberry (PDF)
Montgomery_Murphy (PDF)
Patel (PDF)
Scudder (PDF)
Steenman (PDF)
Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
Wählisch (PDF)
Sponsors: None.