Program

Workshops

2005.1.27 Notice from the APRICOT 2005 Program Committee

The following workshop courses have regrettably been cancelled due to a lack of registrations required to perform the workshop effectively.

WS2 BGP Multihoming
WS4 Multicast
WS5 DNSSEC
WS6 IPv6 Routing

Workshops 1 (Network Infrastructure Security) and 3 (Network Management Tools and Practices) will continue as originally scheduled.

Our sincerest apologies for the inconvenience caused to registrants of the cancelled sessions.

Outline | Details

Outline

Dates:

18-20 February 9:00-17:30, three-day program

Language:

English (* each Workshop will have a minimum of one Japanese speaking instructor)

Registration Fee (three-day fee):

Early Bird (to 26 January 2005)

General Participant	APNIC Member
36,000 JPY	36,000 JPY
approx. 315 USD	approx. 315 USD

Standard + Onsite (27 January 2005 - on site)

General Participant	APNIC Member
45,000 JPY	36,000 JPY
approx. 390 USD	approx. 315 USD

Registration Fee Includes:

workshop materials
coffee breaks (twice daily)	18-20 February
workshop lunch	18-20 February
workshop dinner	20 February

Maximum Participants per Workshop:

20

Outline | Details

Workshops Details

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS1 Network Infrastructure Security

Room 510

Workshop Instructors:

Merike Kaeo
Chief Network Security Architect - Double Shot Security, Inc.

Miwa Fujii
Training Officer, Asia Pacific Network Information Center (APNIC)

Amante Alvaran
Asia Pacific Network Information Center (APNIC)

Workshop Description:

Course Content:

APRICOT05-Sec1.pdf
Router_Device_Security_Lab.pdf

Day 1:

Threat Model

internal attacks
external attacks

Securing Device Access

logical (vty, http, snmp)
physical (console)

Lab

configuring filters to limit device access
configuring ssh device access
configuring telnet with IPsec

APRICOT05-Sec2.pdf

Day 2:

Securing Data Traffic

packet filters
encryption (IPsec vs SSL)
control plane protection

Securing Routing Protocols

filtering and policies
flap damping
MD5, IPSEC et al.
prefix/table limits, etc..

Lab

scenario to secure data traffic
scenario to secure routing protocols

APRICOT05-Day3.pdf

Day 3:

Incident Response / Network Forensics

Auditing Tools

sniffers
traffic analyzers
vulnerability assessment

Logging Information

effective logging (what to log)
securing syslog data

DDoS Tools and Techniques

sinkholes
custom-triggered blackhole routing

Lab

scenario for auditing and logging info
scenario for DDoS recognition/mitigation

Intended Audience:

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS2 BGP Multihoming Workshop

Workshop Instructors:

Joel Obstfeld
Technical Leader, Cisco Systems

Vincent Ng
TME, CCMSBU
Cisco Systems, Inc

Kumiko Furutani, Cisco Systems, Japan

Yoshishige Kuribayashi, Cisco Systems, Japan

Workshop Description:

Most networks today require a resilient design. The same applies to internet access provision. This workshop considers how best to configure BGP to provide resilience whilst making cost-effective use of multiple links to internet peers. The workshop will cover BGP policy implementation, communities & other BGP attributes as well multihoming techniques through the use of hand's on lab exercises.

Participants should bring their own laptop if they have one.

Course Content

Day 1:

Routing Basics
Introduction to BGP
BGP Attributes and Policy Control
BGP Best Current Practices
BGP Scaling Techniques

Day 2:

Multihoming

Day 3:

IOS Essentials for ISPs
Advanced Communities
Loadsharing and Communities
RFC1998 to the same ISP

Intended Audience:

Operations staff using BGP for Internet connectivity.

Participants should have basic knowledge of BGP and IGP operations.

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS3 Network Management Tools and Practices Workshop

Room 553

Workshop Instructors:

Gaurab Raj Upadhaya, Internet Analyst, Packet Clearing House

Dhurba Raj Bhandari, Network Administrator, Soaltee

Tom Vest, Research Officer, Packet Clearing House

Workshop Description:

Network Management is considered integral to any large or small network. Management consists of monitoring, policy implementation as well as logging and evaluation. This workshop covers these aspects of network management. The routing mangement part consists of RPSL and IRR setup, for consistent routing policy management. Nagois is the tool of choice for network onitoring, logging and reporting. Netflow and flow control, as well as, other tools like cricket help in the last aspect which is evaluation of network performance. These tools/concepts are presented in a hands on approach. All workshop content will run on Linux/Unix based machines.

Course Content:

Day 1:

Theory

• RPSL, IRR and Bogon overview
  This will cover basic introduction to RPSL, it's use in Internet routing Registries and the benefits of using it for network infrastructure management. It'll also cover different approaches to installing and running an internal routing registry.
• IRRTools and creating configs for different vendors
  Covers the IRRToolset, maintained by RIPE NCC and how to use it for creating router configs.
• Rancid and CVS for config Stores
  Introduction to CVS and using RANCID for router configuration management. RANCID is a software used for version management of different router/switches configuration.

Lab

• Setting up the IRRd
• Using IRRTools to create configs
• Using RANCID and CVS

Day 2:

Theory

• Nagios and network management, monitoring
  Nagios is a well known network monitoring system, which will be covered.
• Cricket (bandwidth Management / notification / alerts)
  Cricket is a small footprint software used for bandwidth managment and monitoring. It can be used in combination with Nagios.

Lab

• Nagios
  Installing Nagios core programs, Installing plugins, Setting up the web interface, Main configuration file, Object configuration file, CGI configuration file. Combining Nagios with RRDToll for complete management system.

Day 3:

Theory

• Flow capture and analysis
• Running Zebra and routing daemons

Lab

• Installation and configuration of Netflow and RRD/ Configuring routers to capture flows
• Installaing Zebra, peering with the bogon route server and integrating with the Routing register

Intended Audience:

Small to large network operators, whose networks are growing and extended and who need reliable network monitoring and management tools.

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS4 Multicast Workshop

Workshop Instructors:

Greg Shepherd, University of Oregon

Joel Jaeggli
Network Applications Specialist, Computing Center, University of Oregon

Workshop Description:

Over the course of this workshop students will design and set up a set of inter-connected multicast networks. The workshop will consist of a set of hands-on exercises for small network teams. Each team will work on a mix of router types and over the course of the workshop will configure their own network and then interconnect with the other teams.

Course Content:

Multicast Concepts and Addressing

Multicast Protocol Soup

IGMP

(Internet Group Membership Protocol) used by hosts and routers to tell each other about group membership

PIM-SM

(Protocol Independent Multicast - sparse mode) used to propagate forwarding state between routers.

MSDP

(Multicast Source Discovery Protocol) used to exchange ASM active source information between RPs.

MBGP

(Multiprotocol BGP) used to exchange routing information for interdomain RPF checking.

SSM (Source-Specific Multicast)

ASM (Any-Source Multicast)

Inter-domain Multicast

Inter-domain Multicast Troubleshooting Methodology

Intended Audience:

Small to large network operators who have an interest in deploying intradomain or interdomain multicast transport support. Participants should have previous experience with router configuration, and basic routing protocols.

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS5 DNSSEC Workshop

Workshop Instructors:

Bill Manning

Johan Ihren

Edward Lewis
Senior Technology Industry Liaison, NeuLevel/NeuStar

Workshop Description:

The workshop is expected to focus on the specifics of key rollover, multiple keys, and parent - child interactions. We anticipate using the .JP delegation and its direct children as case studies in the workshop.

Course Content:

Day 1:

Theory

• DNS threat model
• DNSSEC tool-kit components
  TSIG
  DNSKEY/NSEC/RRSIG
• Areas outside the DNS protocol
  Registry Key Mgmt
• KSK/ZSK differences

Lab

• Protect zone transfers w/ TSIG
• Signing Zone data

Day 2:

Theory

• Validation - DNSSEC from the resolver
• Timing - dependence on Time/NTP
• Signature expiration
• NSEC - unintended effects

Lab

• resigning zone data
• signature validity & TTL interaction
• validation failure / debugging

Day 3:

Theory

• signature / key interaction
• resigning keys
• key rollover

Lab

• roll ZSK
• roll KSK
• roll a SEP

Intended Audience:

all dns operation staff

WS1 | WS2 | WS3 | WS4 | WS5 | WS6

WS6 IPv6 Routing Workshop

Workshop Instructors:

Philip Smith, Cisco Systems
Miwa Fujii, Training Officer, Asia Pacific Network Information Center (APNIC)

Workshop Description:

IPv6 has become a mainstream network layer technology and most operating systems are ready to use IPv6. Now it is your turn! This workshop deals with how to configure and provide an IPv6 network starting off from an existing IPv4 network base. Getting early experience can make you a more efficient and effective operator in the future. Participants are expected to know OSPF and BGP for IPv4. Participants should bring their own laptop if they have one.

Course Content:

Day One:

Presentations: Introduction to IPv6, IPv6 Routing Protocols, OSPFv3, BGP for IPv6
Lab Work: Build dual stack IPv4/IPv6 lab with OSPF and iBGP

Day Two:

Lab Work: Introduce eBGP with IPv4 and IPv6 lab, IPv6 Route Filtering, Multihoming Strategies

Day Three:

Presentations: IPv6 Filtering, IPv6 Transition & Deployment
Lab Work: IPv6 OSPF areas and BGP Route Reflector

Intended Audience:

The network operator who needs to build an IPv6 network in addition to IPv4 network. The network operator who wants to know how to build an IPv6 network. Participants should know IPv4 routing concept and how to configure an IPv4 network.