APNIC Academy Training

1. Network Management, Monitoring & Security Workshop
2. Advanced Routing Workshop

Network Management, Monitoring & Security Workshop

Instructors:

Shane Hermoso + 2 FT trainers (TBC)

Synopsis

In today’s rapidly evolving IT landscape, ensuring a secure and efficient network infrastructure is critical. This workshop will provide practical skills and knowledge for securing networks, managing complex systems, and effectively monitoring performance to minimize downtime and risks. The two key topics covered in this workshop include:

• Network security, a broad topic that affects many aspects relating to end-users, applications, and infrastructure. This workshop will examine key concepts, protocols, policies, and practices to protect data and assets from potential attacks or abuse. It will also cover network infrastructure security with a focus on establishing robust, stable networks with secure routing. This workshop will also discuss security operations and examine common security incidents/breaches, countermeasures and mitigation tools.
• Network management and monitoring, a critical process for ensuring the reliability, performance, and security of the network infrastructure. It includes managing network devices, monitoring their performance, resolving alerts and securing the network from threats.

This workshop dives deep into network security and network management and monitoring concepts and protocols. Participants will explore different security and monitoring tools, including security controls, configuration management, and network telemetry.

Target Audience

This workshop is intended for network administrators, system administrators and security professionals who are interested to learn about the latest technologies and best practices in network security and NMM, and would like to gain further understanding of network and security operations.

Pre-requisites

It is assumed that participants have a basic understanding of:

• Network operations, Internet technologies, OSI reference model and TCP/IP
• Basic command line (CLI) skills

We recommend the following Academy courses be completed before the start of the tutorial:

• Network security fundamentals
• Routing Fundamentals
• Linux Virtual Lab

Course Outline

• Intro to Network Security
• Device & Infrastructure Security
• Packet Analysis
• Intrusion Detection
• DDoS Attacks and Countermeasures
• BGP Route Hijack, Leak Detection & Prevention
• IPv6 Security
• Secure Internet Routing
• Security Operations & Monitoring
• Vulnerability Assessment and Penetration Testing
• Honeypots and Honeynet
• Log Management & Flow Monitoring
• Time series database
• Model-driven Telemetry

Other Requirements

• Participants are advised to bring their own laptop or desktop computers with high-speed internet access and administrative access to system. It is also recommended that computers have Intel i5 or i7 processor, >=8GB of RAM and 30GB of free hard disk space.
• Software: SSH Client, Telnet Client (PuTTy)
• Confirm Secure SHell (SSH) is allowed from the office or home network to access the lab infrastructure. Test SSH connectivity, try to connect to route-views.routeviews.org.For example, from the CLI type: ssh rviews@route-views.routeviews.org
• Attendees must have an APNIC Academy login account. If you don't have one already, you can create an account for free at https://academy.apnic.net/
• Please test the speed of your Internet connection to the servers where the Virtual Machines (VMs) are hosted at the Learn on Demand data centres, using the speed test tool at https://www.learnondemandsystems.com/speedtest/

Advanced Routing Workshop

Instructors:

Terry Sweetser + 2 FT trainers (TBC)

Synopsis

The Advanced Routing Workshop is a comprehensive, hands-on program designed for experienced network professionals seeking to deepen their understanding of BGP and advanced routing concepts. This workshop assumes a good working knowledge of routing fundamentals and builds upon these to explore sophisticated BGP implementations, traffic engineering techniques, and security considerations in today's complex network environments.

Participants will develop practical skills through extensive lab exercises that mirror real-world scenarios encountered in service provider and enterprise networks. The workshop covers critical topics including BGP policy implementation, route redistribution, scaling techniques, security mechanisms, and the integration of IPv6 into existing routing infrastructures. Special emphasis is placed on BGP best practices, RPKI deployment, and traffic engineering strategies that optimize network performance and resilience.

By the end of this intensive workshop, participants will be equipped with advanced routing expertise to design, implement, and troubleshoot complex routing infrastructures that meet the demands of modern network environments.

Target Audience

This workshop is intended for network engineers working in active operational environments within service providers or multi-homed enterprise networks. Ideal participants include:

• Network engineers responsible for BGP routing design and implementation
• Systems administrators managing complex routing infrastructures
• Technical staff involved in Internet exchange point operations
• Network architects planning service provider network expansions
• Security professionals focusing on routing infrastructure protection

Pre-requisites

Participants are expected to have:

• Working knowledge of routing protocols, particularly BGP
• Practical experience with Internet operations
• Familiarity with basic networking concepts and the TCP/IP model
• Experience with router configuration (Cisco IOS, Juniper, or similar platforms)
• Understanding of IP addressing and subnetting

We recommend the following APNIC Academy courses be completed before attending this workshop:

• Introduction to BGP
• Routing Fundamentals

Course Outline

Day 1: BGP Fundamentals and Advanced Concepts

BGP Relationships

• BGP peering relationships (transit, peering, customer)
• iBGP vs. eBGP considerations
• BGP route propagation and path selection

Advanced BGP Concepts

• BGP routing policies implementation
• BGP path attributes and their manipulation
• BGP best path selection process

Day 2: BGP Implementation and Security

BGP Best Common Practices (BCPs)

• BGP ingress and egress filtering techniques
• Prefix-list and route-map design strategies
• Route dampening considerations
• Operational guidelines for stable BGP deployments

BGP Security

• Common BGP threats (route leaks, hijacks)
• BGP security mechanisms
• Securing BGP sessions with authentication
• Monitoring BGP for security anomalies

BGP Traffic Engineering, Transit & Peering

• BGP route redistribution techniques
• EBGP load sharing and failover strategies
• IBGP scaling methods (route reflectors, confederations)
• Implementing traffic engineering with BGP

Day 3: RPKI and Advanced Routing Security

Resource Public Key Infrastructure (RPKI)

• RPKI framework and components
• ROA implementation and validation
• RPKI-based origin validation
• Global RPKI adoption and filtering practices

RPKI Validator and ROV Labs

• Deploying RPKI validator solutions
• Implementing Route Origin Validation (ROV)
• Integration with existing BGP infrastructure
• Troubleshooting RPKI validation issues

Day 4: IPv6 Deployment and Advanced Topics

Advanced Topics in IPv6

• IPv4 routes with an IPv6 next hop
• IPv6-only and dual-stack routing considerations
• IPv6 BGP attribute handling differences
• IPv6 traffic engineering techniques

IPv6-Mostly Networks: Deployment and Operations

• Planning IPv6 deployment in BGP environments
• Managing dual-protocol routing infrastructure
• IPv6 BGP security considerations
• Monitoring and troubleshooting IPv6 BGP sessions

Train-The-Trainer Sessions

• Knowledge transfer methodologies
• Building effective BGP training labs
• Resources for continued learning

Learning Objectives

Upon completion of this workshop, participants will be able to:

1. Design and implement sophisticated BGP routing policies for various network requirements
2. Deploy effective BGP security measures to protect routing infrastructure
3. Implement RPKI and ROV to enhance routing security against prefix hijacking
4. Configure advanced BGP traffic engineering techniques to optimize network paths
5. Deploy scalable iBGP architectures for large networks
6. Implement BGP for IPv6 and manage dual-stack routing environments
7. Troubleshoot complex BGP routing issues using systematic approaches
8. Apply industry best practices for BGP configuration and management
9. Design redundant and resilient routing infrastructures
10. Develop effective BGP peering strategies for optimal Internet connectivity

Other Requirements

Participants are advised to bring their own laptop or desktop computer with:

• High-speed internet access
• Administrative access to the system
• Intel i5 or i7 processor (or equivalent)
• Minimum 8GB of RAM
• At least 30GB of free hard disk space

Required software:

• SSH Client (e.g., PuTTY for Windows)
• Telnet Client

Pre-workshop setup:

• Confirm SSH is allowed from your network to access the lab infrastructure
• Test SSH connectivity by connecting to route-views.routeviews.org (e.g., ssh rviews@route-views.routeviews.org)
• Create an APNIC Academy account at https://academy.apnic.net/ (if you don't already have one)
• Test your internet connection speed to the Learn on Demand data centres using the tool at https://www.learnondemandsystems.com/speedtest/

Note: All hands-on exercises will be conducted using virtual lab environments.