Logo

Routing Security SIG Forum - Shared screen with speaker view
HAI NGUYEN
17:26
hello every one
Afifa Abbas
18:00
Hello everyone, welcome to the Routing Security SIG Forum!
Sunny
19:12
Session slides will be published herehttps://www.apnic.net/community/participate/sigs/routing-security-sig/
Thaparit Ausakul
19:48
Everyone 😀 morning
Mizanur Rahman
29:11
Good morning , Everyone
Terry Sweetser
31:47
6 major storms cell inbound to Brisbane
Lauren Crean
38:55
I had a similar problem to access that APNIC stat site recently for ROV -- Pushed to DNSSEC stat
Jose Dante Santiago
41:43
What's your favorite ROV after the Routinator 3000?
Jose Dante Santiago
42:12
for those looking to deploy two different "flavors" with redundancy?
David Phelan
43:49
I believe the "tech contact" issue has now been resolved?
vivek nigam
44:00
Indeed
Jose Dante Santiago
49:35
octo?
David Phelan
49:49
Routinator is my favEasy to install.We are currently updating documentation to install other flavours.OCTO has been dropped by Cloudflare
Lauren Crean
50:22
Have you seen any impact on BGP incidents in Nauru following turning on ROV filtering in CenPac? Or is the effect mitigated by the constraints of the satellite upstreams that you mentioned?
Karunanithi NSM
51:52
Hi This is Karunanithi from Jio.......We are in the process of implementing RPKI...we see few challenges while integrating the Routinator with internal system .....but finding challenges in getting real time support from the developers
David Phelan
52:31
There are 2FA apps out there that let you save/share the TOTP codes between multiple devices.
Karunanithi NSM
54:16
Little brief on Risks on Staged and Incomplete Deployment
D'Wayne Saunders
55:12
it creates two sessions on IOSxr
David Phelan
55:20
Valid > Invalid
David Phelan
01:00:10
Bad filter creation will also "Impact your business".Where do you draw the line
Sunny
01:01:03
Risks of Staged and Incomplete DeploymentMore than One TAGlobal InconsistencyData SynchronizationLow Validation AccuracySolutions to Misbehaved CAsSecurity Related to Rsync ProtocolSelection of RP and Support during the implementation and lifecyclemanagement (Example Routinator)
Afifa Abbas
01:01:29
Not having security can cause the bigger impact in coming days
David Phelan
01:03:20
SIgn your ROA yes....But do you need to implement ROV?
Phil Mawson
01:09:23
rpki-client is decent.
Tashi P
01:11:37
:-)
Terry Sweetser
01:12:26
rpki-client is very useful
David Phelan
01:14:03
what are we defining as "mis-behaving"?
Tashi P
01:15:23
@Aftab - I guess it goes back to our previous discussion around a minimum criteria for anyone to be a part of the RPKI framework? Instead of a default entry just because of who they are?
Di Ma
01:16:01
@ David Phelan I suggest you read RFC 8211 to find adverse actions by CA or repository manager
David Phelan
01:16:20
IF a delegated CA goes missing..the only one it affects is the holder of those delegated resources...much the same as DNS.At least with RPKI, if they go missing, then would the resources no just go "not found" ?
Phil Mawson
01:20:06
There is a RPKI discord channel too, the NLNetlab guys are very active on that.
Terry Sweetser
01:20:53
Yes, that's a great source of ad hoc help!
Terry Sweetser
01:21:37
yes
Lauren Crean
01:21:43
Thank you, Philip :)
David Phelan
01:24:09
Whilst Merit are taking money, it will keep going...
David Phelan
01:25:25
Just look at all the proxy objects from the Transit carriers...
Terry Sweetser
01:27:18
https://discord.com/invite/WaPgs8vEKyhttps://discord.com/invite/WaPgs8vEKy
Terry Sweetser
01:27:27
https://discord.com/invite/WaPgs8vEKy
Terry Sweetser
01:27:28
:)
Tashi P
01:27:37
Should “ROA to IRR objects” conversion/translation be revisited and formalised? At least for route/route6 objects…
Achie Atienza
01:29:13
Thanks for the insights :)
Afifa Abbas
01:29:50
Thank you everyone for joining :D
Shane Kern
01:30:11
Thanks all! Very interesting.
Tashi P
01:30:13
Thanks :-)
Casabuena
01:30:14
Thank you.
David Phelan
01:30:15
Thanks Co_Chairs and Philip