ISP Routing
Instructors: Srinath Beldona and Yogesh Jiandani (Cisco), Amante Alvaran (APNIC)

Class Size: 28
Download slides here - 11M tar.gz

Attendees must bring a laptop computer

Who should attend: This is a technical workshop, made up of lectures and hands-on lab work. Open to technical staff who are now or soon will be building or operating a wide area TCP/IP base Internet Service Provider (ISP) network or Internet eXchange Point (IXP), likely with international and/or multi-provider connectivity.

Pre-requisites: Cisco IOS Fundamentals; user level UNIX and maybe some system administration; some use of network design, preferably TCP/IP-based.

What you will learn:

• Techniques for design, set-up, and operation of a metropolitan, regional, or national ISP backbone network. This includes advanced OSPF, BGP4, and policy based routing configurations.

• IOS Essentials every ISP should be doing. The hidden secrets that all key NSPs have been using for years, but not telling anyone (i.e. competitive advantage).

• Techniques for the design, set-up, and operation of Internet Exchange Points.

• Techniques for multiple connections to the Internet (multihoming), including connections to IXPs and ISPs.

• Techniques to achieve optimal performance and configuration from a Cisco backbone router. This includes routing scalability, network design, and configuration tips.

Technologies Covered: OSPF and OSPF areas, iBGP, eBGP, BGP Scaling, BGP Policies, Route Reflectors, BGP Best Practices, BGP Configuration Essentials, Policy Routing, IXP Design.

BGP Multihoming
Instructors: Vincent Ng, Abdul Rahim, Lim Fung (all Cisco)

Class Size: 28
Download slides here - 15M tar.gz

Attendees must bring a laptop computer

Who should attend: This is a technical workshop, made up of lectures and hands-on lab work. Open to technical staff who are operating a wide area TCP/IP base Internet Service Provider (ISP) network or Internet eXchange Point (IXP), likely with international and/or multi-provider connectivity.

Pre-requisites: Cisco IOS Fundamentals; user level UNIX and maybe some system administration; some use of network design, preferably TCP/IP-based; knowledge of OSPF and of BGP. Ideally all attendees will have in the past completed the APRICOT Routing Workshop.

What you will learn:

• Techniques for design, set-up, and operation of a metropolitan, regional, or national ISP backbone network. This includes advanced BGP4 and complex network configurations.

• Techniques for the design, set-up, and operation of Internet Exchange Points.

• Techniques for multiple connections to the Internet (multihoming), including connections to IXPs, other ISPs and to Internet Transit providers.

• Techniques to achieve optimal performance and configuration from a Cisco backbone router. This includes routing scalability, network design, and configuration tips.

Technologies Covered: Refresher on OSPF and iBGP; eBGP, BGP Scaling, BGP Multihoming Techniques, BGP Transit, BGP Best Practices, BGP Communities, Advanced IXP Design.

IPv6 Deployment
Instructors: Kurtis Lindqvist (Netnod), Jordi Palet Martinez (Consulintel), Gaurab Raj Upadhaya (PCH), Miwa Fujii (APNIC)
Slides: download

Class Size: maximum 28

Attendees with laptops are desirable.

Intended Audience: Engineers and operational staffs at ISPs and large networks including academic networks who are planning to use IPv6 either as research or into production networks. Anyone who wants to learn how IPv6 works in practice can also attend.

Pre-Requisites: Good knowledge of IPv4 addressing, network operations as well as knowledge of DNS, Routing with both IGP and BGP. It is important that students have good prior knowledge of operations in IPv4 in order for them to attend this workshop.

Topics Covered:

The workshop will be a a combination of theory and lab. The lab will constitute about 60% of the total course. The course will cover

History of IPv6
- What where the problems to be solved?
- Which where the proposed solutions
- Why was IPv6 chosen?

IPv6 Design and addressing
- What's an IPv6 address?
- Packet formats
- Comparison between IPv4 and IPv6 packets
- Address allocation

Transition from IPv4 to IPv6
- Applications
- Dual-stack
- Various transition technologies
- Teredo
- 6to4
- SIIT
- ISATAP
- 6over4
- etc

IPv6 Neighbour discovery
IPv6 Stateless auto-configuration
Mobile IPv6
Address selection
IPv6 and DNS
- Things to think about
- How to configure

Applications
- What applications are there?
- How do I port my application to support IPv6?
- IPv6 POSIX API

Is IPv6 any good?
- Does it solve today's problems?
- What does the future for IPv6 looks like?

Configuring IPv6 on your machines
- Static addresses
- Prefix advertisement
- Auto-configuration
- DNS-server (bind) and zones
- Configuring postfix for mail
- Configuring Apache for IPv6

- RIP
- OSPFv3
- ISIS
- BGP and BGP Multihoming
- Filtering
- Configuring IPv6 on your router
- Configuring OSPFv3
- Configuring BGP
- Configuring filtering
- APNIC policies with regards to IPv6 Allocation.
- Global IPv6 scenario
- Migration strategies and case studies

DNS & DNSSEC
Instructors: Bill Manning (EP.net), Johan Ihren (Autonomica), Ed Lewis (Neustar)

Class Size: maximum 28

Attendees with laptops are desirable.

Intended audience: This course is suited for systems staff, network administrators, DNS administrators, and other staff with responsibility for design and operations of network services (almost all of which depend on DNS). Anyone else who wants a better understanding of how DNS actually works is welcome too. ccTLD administrators are most welcome.

Pre-Requisites: Basic user level Unix, knowledge of TCP/IP addressing and reasonable idea about how the Internet naming scheme works.

What you will Learn:

A complete and compact introduction to DNS. All of "classic DNS" is covered. Most of standard DNS issues are both theoretically discussed and, through lab exercises, worked with in practice.

Excerpt of topics covered: historic overview, database structure, record types, zones and domains, DNS message structure, recursion, authoritative servers, resolvers, caching, delegation, glue records, the ice floe model vs. the tree hierarchy model, reverse delegation, master vs slave, primary master and hidden master, zone transfers, notify, access control, logging, implementations, design alternatives and aspects.

As time permits, more complex scenarios (including firewalls, "split-DNS", forwarding, etc), TSIG (Transaction Signatures), rndc (remote control of BIND9 nameservers), EDNS(0) (Extended DNS), DNSSEC (securing DNS data through the addition of digital signatures), views, etc. The lab exercises are performed in a BIND9 environment.

The later part of the course covers emerging topics such as secure dynamic update of DNS data. Furthermore DHCP for address space management is covered, including all the details of interection between DHCP and DNS in environments utilizing dynamic update. This course also treat the DNS aspects of IPv6 and DNS issues with migration to a mixed IPv4/IPv6 Internet. Finally international domain names are discussed in some detail.

All topics are fully covered with both lectures and hands-on exercises.

ISP and NSP Network Security
Instructors: Vicky Shrestha (World Link), Damien Halloway (Juniper), Kunjal Trivedi (Cisco)

Class Size: maximum 28

Attendees with laptops are desirable.

Intended audience: Network Operations and security staff at ISPs and Network Service Providers. People who are trying to learn ropes of establishing a functioning security system in their network core and edges. Any one else with interest in Security topics.

Pre -Requisites: This is an advanced course. Good familiarity with UNIX command line and system administration jobs. Knowledge of Layer 3 protocols, and command line of popular routers. Basic knowledge of security concepts is an added advantage.

What do you Learn:

The ISP / NSP Security Workshop focuses on following components to provide comprehensive understanding and hands-on experience allowing you to gain valuable experience in network security best common practices, tools and techniques.

- Network infrastructure security
- Security services

For network infrastructure security, best common practice for protecting infrastructure including IP addressing, baseline building, securing IGP and BGP routing protocols and router filtering techniques are covered in detail. Controlling access to the routers, collecting network telemetry information and control plane protection techniques are discussed.

A six step methodology for detecting and mitigating DDoS attacks on the infrastructure provides hands-on understanding on how to deal with such attacks. Anti-spoofing measures to combat IP spoofing attacks and Remotely Triggered Blackhole (RTBH) filtering to protect against infrastructure attacks hands-on practice provides easy to deploy tools on the SP networks.

The security services address designing, deploying and managing L3 Virtual Private Networks. A balanced discussion covering security of L3VPN provides good basis of evaluating the level of security for the business needs. Finally, a discussion of how managed security services such as IP VPN prepares SP networks for provisioning other security services.