{"id":1345,"date":"2021-08-16T19:48:52","date_gmt":"2021-08-16T23:48:52","guid":{"rendered":"http:\/\/puluka.com\/home\/?p=1345"},"modified":"2024-09-05T10:06:15","modified_gmt":"2024-09-05T14:06:15","slug":"bgp-rpki","status":"publish","type":"post","link":"http:\/\/puluka.com\/home\/networking\/bgp-rpki\/","title":{"rendered":"Resources for BGP RPKI"},"content":{"rendered":"\n<p>Routing security has been an issue from the start of the internet. ISPs must take a number of manual steps to ensure that only those authorized inject routes into the internet table. RPKI was created as a way to sign routes using standard public key certificates so that they can be verified as belonging to a particular entity. This will prevent both accidental route leaks and malicious route hijacking.<\/p>\n\n\n\n<p>Below are resources in a recommended order to first learn how the process works and then implement it on Juniper Junos routing platforms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"MANRS-training\">MANRS training<\/h2>\n\n\n\n<p>MANRS (Mutually Agreed Norms for Routing Security) is an organization that encourages ISPs to implement RPKI.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Introduction<\/li>\n\n\n\n<li>IRRs, RPKI &amp; Peering DB<\/li>\n\n\n\n<li>Filtering: Preventing propagation of incorrect routing information<\/li>\n\n\n\n<li>Anti-Spoofing: Preventing traffic with spoofed source IP addresses<\/li>\n\n\n\n<li>Coordination: Global communications between network operators<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/www.manrs.org\/resources\/training\/tutorials\/\">Tutorials<\/a><\/p>\n\n\n\n<p>MANRS Implementation Guide<\/p>\n\n\n\n<p><a href=\"https:\/\/www.manrs.org\/isps\/guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">MANRS Implementation Guide \u2013 Online Version<\/a><\/p>\n\n\n\n<p>MANRS week videos 2021: <a href=\"https:\/\/www.manrs.org\/resources\/upcoming-events\/rpki-week\/\" target=\"_blank\" rel=\"noreferrer noopener\">RPKI 
Week<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Juniper-Documentation\">Juniper Documentation<\/h2>\n\n\n\n<p>Juniper Day One: Routing Security PDF version 2<\/p>\n\n\n\n<p><a href=\"https:\/\/www.juniper.net\/documentation\/en_US\/day-one-books\/DO_BGP_SecureRouting2.0.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.juniper.net\/documentation\/en_US\/day-one-books\/DO_BGP_SecureRouting2.0.pdf<\/a><\/p>\n\n\n\n<p>Junos Documentation: <\/p>\n\n\n\n<p><a href=\"https:\/\/www.juniper.net\/documentation\/us\/en\/software\/junos\/bgp\/topics\/topic-map\/bgp_security.html\" target=\"_blank\" rel=\"noreferrer noopener\">BGP Route Authentication | BGP User Guide | Juniper Networks TechLibrary<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Resources\">Resources<\/h2>\n\n\n\n<p>ARIN RPKI <a href=\"https:\/\/www.arin.net\/resources\/manage\/rpki\/\" target=\"_blank\" rel=\"noreferrer noopener\">Resource Certification (RPKI)<\/a><\/p>\n\n\n\n<p>Peering DB: <a href=\"https:\/\/www.peeringdb.com\/\">https:\/\/www.peeringdb.com\/<\/a><\/p>\n\n\n\n<p>CAIDA Spoofer: <a href=\"https:\/\/www.caida.org\/projects\/spoofer\/\" target=\"_blank\" rel=\"noreferrer noopener\">Spoofer<\/a><\/p>\n\n\n\n<p>Hurricane Electric: <a href=\"https:\/\/blog.apnic.net\/2021\/07\/12\/rpki-rollout-at-hurricane-electric\/\">RPKI <\/a><a href=\"https:\/\/blog.apnic.net\/2021\/07\/12\/rpki-rollout-at-hurricane-electric\/\" target=\"_blank\" rel=\"noreferrer noopener\">rollout at Hurricane Electric | APNIC Blog<\/a><\/p>\n\n\n\n<p>NANOG Presentation 2021:<a rel=\"noreferrer noopener\" href=\"https:\/\/www.nanog.org\/events\/webinar-routing-security\/\" target=\"_blank\"> https:\/\/www.nanog.org\/news-stories\/nanog-tv\/nanog-u\/webinar-state-of-routing-security\/<\/a><\/p>\n\n\n\n<p>Verify which prefixes have verified ROA payloads<br><a href=\"https:\/\/bgpstuff.net\/vrps\/701\">https:\/\/bgpstuff.net\/vrps\/701<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Originally posted: 
8\/16\/2021<\/p>\n\n\n\n<p>updated: 6\/11\/2022<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Routing security has been an issue from the start of the internet. ISPs must take a number of manual steps to ensure that only those authorized inject routes into the internet table. RPKI was created as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1345","post","type-post","status-publish","format-standard","hentry","category-networking"],"_links":{"self":[{"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/posts\/1345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/comments?post=1345"}],"version-history":[{"count":6,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/posts\/1345\/revisions"}],"predecessor-version":[{"id":1549,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/posts\/1345\/revisions\/1549"}],"wp:attachment":[{"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/media?parent=1345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/categories?post=1345"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/puluka.com\/home\/wp-json\/wp\/v2\/tags?post=1345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}