Skip to main content
APRICOT 2021 logo
22 February – 4 March 2021
Sun Graphics

Accepted Presentations

Conference

DNS Privacy - An Update

  • Geoff Huston

It is time to replace MD5...with TCP-AO

  • Melchior Aelmans

BGP in 2020

  • Geoff Huston

RPKI at Hurricane Electric

  • Susan Forney

DNS Privacy - An Update

A look at the current efforts to improve aspects of privacy in the DNS and an assessment of their effectiveness. The presentation os not overly optimistic about the prospects for widespread adoption, becuase, as the presentation points out, the economy of DNS name resolution is not all that susceptible to innovation. This is perhaps the biggest barrier to adoption of any of the privacy proposals.

It is time to replace MD5...with TCP-AO

There have been many recent concerns about TCP MD5. Its use of a simple keyed hash for authentication is problematic because there have been escalating attacks on the algorithm itself. TCP MD5 also lacks both key-management and algorithm agility.

In this talk I want to present an often talked about but till now never implemented solution to this issue; The TCP Authentication Option(TCP-AO). Nokia, Cisco and Juniper now have production code available so it is time to start replacing MD5 with TCP-AO to secure BGP and other (long-lived) TCP connections.

BGP in 2020

A look at the previous year in BGP, looking at the change in the size of the routing table and its dynamic behaviours. The presentation predicts the future growth of the network in the coming years based on this data. It is intended to be a short update.

RPKI at Hurricane Electric

This talk explains how Hurricane Electric deployed RPKI ROA validation in its network and reports on the current state of RPKI, the trends in ROA creation, and how RPKI does and does not protect the Internet.

Peering Forum

National Internet Exchange of Afghanistan

  • Sherafzal Yousifzai

Tutorials

Securing Internet Routing with RPKI

  • Tashi Phuntsho
  • Bayani (Bani) Benjamin Lara

Network Monitoring & Management 2.0 Tutorial

  • Hervey Allen

Wireless Deployment Tutorial

  • Sebastian Büttrich

IPv6 Deployment

  • Jordi Palet

DNSSEC Operations Tutorial

  • Phil Regnauld
  • Champika Wijayatunga

Securing Internet Routing with RPKI

Tutorial website

Why do we keep seeing news headlines about major networks not being reachable because traffic got rerouted to somewhere else? BGP mishaps are very common and frighteningly very easy. Examples are malicious route hijacking, mis-origination (fat fingers), and bad filters (route leaks). We need better mechanism(s) to ensure no one can inject false information into the global routing system that easily. This tutorial will look at current route filtering tools/techniques, how RPKI is just a piece in the puzzle, and what we should do to secure the internet routing.

Pre-requisites

This tutorial is for delegates who manage their IP resources (tech/corp contacts). Delegates are required to come with MFA/OTP already enabled for their account and with the necessary permission from their Corp contacts, to not just demo creating ROAs, but also to sign their prefixes for use in their operations.

View More

IPv6 Deployment

This tutorial will introduce both technical and non-technical aspects, based in real experiences in hundreds of networks, for the deployment of IPv6 in your own ISP network (covering both, wireline and cellular).

This tutorial will take 8 sessions, 1 hour each, in 4 days (2 sessions per day).

The first goal is that decision makers and engineers have an overall view (mainly in the 2 first sessions), of key points such as:

  1. What happened with IPv4 and what is IPv6
  2. Why you need IPv6 in your network?
  3. What is the rest of the world doing?
  4. Do you’ve workarounds?
  5. How can I do it in my own network?
  6. What are the required upgrades?< li>
  7. What are the costs?

The tutorial will be carried out in such way that the engineers also can understand key points related to:

  • Deployment of IPv6 in the core IP backbon (session 3)
  • Deployment of IPv6 in wireline access network(xDSL, Cable, FTTx) (session 4)
  • Deployment of IPv6-only and IPv4aaS (IPv4-as-a-Service) (session 5 & 6)
  • Deployment of IPv6 in cellular networks (session 7)
  • Deployment of IPv6 in Data Centers (content hosting) (session 8)

Note that the exact match of contents and sessions may depend on the Q&A sessions.

View More