The RIPE NCC and Juniper Networks are co-hosting the first RPKI deployathon in March 2019 - a two-day event which will bring together network professionals to work on practical aspects of routing security.

Update

You can read the report from this event here: "Results of the First RPKI Deployathon"

Introduction

We are excited to announce our ninth RIPE NCC event aimed at building tools and cooperating with our community! This time, our focus will be on routing security and in particular the Resource Public Key Infrastructure (RPKI).

We are looking for participants who want to both, learn about RPKI, and receive some hands-on assistance while deploying it. Network professionals who have already adopted RPKI will join us to share their experiences and talk us through their implementation journey.

So far, we have called our events “hackathons”, however, we thought the name “deployathon” better describes the work that will take place during this event. The deployathon provides a great opportunity to learn about the usage of tools, share your feedback, meet professionals from different fields and exchange ideas.

Date and Time: 7 - 8 March 2019, 9:00 - 17:00 CET

Location: Juniper Networks (Amsterdam Office), Boeing Avenue 240, Schiphol-Rijk

Deadline for applications: 29 January 2019

Focus on RPKI

RPKI is a globally available technology that has been developed and adopted through bottom-up community processes. Over the last 12 months, we have seen a significant operational uptake in the deployment of RPKI on a global scale. In the Netherlands, many organisations have already deployed RPKI and will be happy to share their experiences. The graph on the right shows the percentage of IPv4 addresses covered by RPKI (December 2018). You can view this graph in more detail here.

We have also noticed some changes in the industry. The number of network operators and IXPs deploying RPKI-based Route Origin Validation (ROV) - which helps reduce the impact of BGP hijacking attacks and accidental misconfigurations has increased.

During our RIPE NCC::Educa learning event on routing security earlier this year, there was a huge interest in RPKI and great discussions on it and what the future of routing security might look like. This could be the result of the increased operational impact of routing hijacks as well as the greater awareness and demand for routing security.

At the deployathon, we want to make sure you feel confident to make the necessary changes to your router configuration. We will help you generate certificates, sign Route Origin Authorisations (ROA) and demonstrate how to use the RPKI Validator to certify you Internet resources. We will also help you configure your live routers and policies as well as advise you on how to handle exceptions.

Later in 2019, we are planning on hosting another RPKI event on building tools and creating visualisations with RPKI data.

The history of daily validation results for unique Prefix/Origin pairs (December 2018), source: RPKI Monitor

Participants

We are looking for:

Hands-on network operators with access to routers
Network engineers from all possible backgrounds (Enterprise, ISP, CDN, Content Providers, etc.)
Colleagues from Internet Exchanges
Administration staff working for Internet Service Providers that have access to the RIPE NCC’s LIR portal
Support staff from companies with networking infrastructure, who can give feedback about what is really needed in their day-to-day work on routing security
Any LIRs (RIPE NCC members) that are interested in deploying RPKI and assigning their Internet resources

You do not need to have prior knowledge or experience on routing security to attend the deployathon. Please apply if you would like to learn, specially if your learning style is "learning-by-doing" and team-work.

Format

The deployathon will last for two days and will include talks from routing security experts and hands-on practical work on RPKI deployment. You can attend on both days or join us on the day that is most suitable to you.

Agenda

Day 1 - Talks

What is routing security and why it is important
What is RPKI and how it works

Day 1 - Hands-on Work

Setting up the RPKI Validator
Generating certificates and ROAs
Configuring the routers using the Validator

Day 2 - Talks

Policy considerations
How to deploy RPKI in a live network, implications for your helpdesk etc.

Day 2 - Hands-on Work

Enabling routing security on live routers (build and implement policies)
Enabling policies and so "active reject invalids"
Handling exceptions

A week or two prior to the deployathon, we will share an introductory webinar to the available data sets, tools and proposed tasks that you will work on. On both days, you will be grouped into small teams with people from various levels of experience and expertise - so that you can all learn from each other. On the last day of the event, there will be a closing party where we will celebrate all things achieved during the RPKI deployathon.

The top 25 Autonomous Systems based on the amount of IPv4 address space validated by RPKI (December 2018), source: RPKI Monitor

Code of Conduct

Since 2014, RIPE NCC has organised hackathons to share the breadth of experience, diversity of views, and have an open, respectful exchange of ideas – values that we want all of our event attendees to uphold.

Please treat each other with tolerance and respect. Open exchange of ideas are encouraged and celebrated. Demeaning, intimidating or harming anyone at the event is wrong. We are especially against the behaviours that offend based on gender, sexual orientation, religion, race or ethnic origin, or other perceived social, cultural, or personal differences.

If you experience or witness behaviour that violates this Code of Conduct, please report this to the organisers. All reports will be handled confidentially.

Please be aware that attendees violating the Code of Conduct may be asked to leave the event and other actions may be taken as deemed necessary.

Please see more details about RIPE Meetings Code of Conduct.

Venue and Travel

The organisers will not be making any travel or accommodation arrangements for the participants. Food and drinks will be provided throughout the event on both days.

The event is free of charge - there is no fee to pay.

The deployathon will take place at the Juniper Network: Boeing Avenue 240, 1119 PZ Schiphol-Rijk (Amsterdam Office). To travel to the destination, we recommend you use public transport [more details to be confirmed].

Call for Additional Sponsors

Each of the previous RIPE NCC hackathons has been supported by one or more sponsors. Sponsors help financially, logistically, and by demonstrating their support through various means. As a sponsor, you will be promoted during the event, and in all of our communications (announcements, blogs posts, social media); and you will have that warm, fuzzy glow of supporting a community effort!

We are looking for financial support ranging from € 2,000 to € 20,000. We will spend your funds on providing food and drinks to the participants, T-shirts, good coffee, and a closing celebration (dinner and drinks). We prefer to NOT give material or financial prizes to participants, since this event focuses on collaboration, and not competition.

Any funds not used in this deployathon, will be used to support future events organised by the RIPE NCC, where we might providing partial travel grants to encourage participant diversity, or have to pay for hiring the venue.

Previous hackathon sponsors include Comcast, Facebook, Akamai, ISOC, Euro-IX, DENIC, Afilias, ThousandEyes and Farsight Security.

Please contact labs@ripe.net if you are interested in sponsoring the hackathon.