Tutorials

Advanced IPv6

Instructors: Alejandro Acosta, Jordi Palet, Ariel Weher

Language: español

This Advanced IPv6 tutorial will be divided into four different parts. During the first part, the instructors will present relevant guidelines for operators defining their numbering plans, as well practical examples of these plans.

During the second and third parts, they will present the most important aspects for IPv6 deployment in xDLS and cable (DOCSIS) networks.

The fourth part, which includes hands-on activities, will be used to review the so-called “IPv6-only and IPv4-as-a-Service” (464XLAT, DS-Lite, lw4o6, MAP-E and MAP-T) transition mechanisms, which allow operators (broadband, cellular) or even corporate networks to deploy an IPv6-only access (and/or core) network which at the same time offers IPv4 services on client LANs. The tutorial will also review how to deploy a datacenter using only IPv6 internally, maintaining dual-stack connectivity with the Internet (SIIT-DC).

It will also include a hands-on activity where participants will deploy an IPv6-only ISP using 464XLAT. For this, the instructors will demonstrate how to configure and use Jool to deploy NAT64 (PLAT), as well as Bind9 for DNS64, as these are the resources the ISP will need to serve the clients of its network. Participants will then be the clients, so they will have to configure their own devices using a virtual machine (provided by the instructors), Jool for the CLAT required for 464XLAT. Thus, our “ISP” will have as many clients as tutorial participants, each with their own IPv6 prefix, and will be able to verify that IPv4 is available transparently through the IPv6-only ISP on each participant's laptop computer.

Alejandro Acosta

Jordi Palet

HANDS-ON: How to Change the Rules of the Internet!

Instructor: Gianina Pensky

Language: español

LACNIC is responsible for assigning and managing Internet number resources (IPv4, IPv6), Autonomous System Numbers, reverse resolution and other resources for the region of Latin America and the Caribbean.
The rules/policies under which LACNIC manages those resources are decided by our regional community.
The workshop has the following goals:

To explain and exchange ideas about the topics currently under discussion in our region

To teach anyone interested in participating in these decisions how to do so

To ensure that anyone interested can effectively participate in this process

The workshop is aimed at all members of the community interested in participating.

More information: 
https://www.youtube.com/watch?v=m6Q7uB5Qy3M&feature=youtu.be

We invite you to keep up with the latest news
http://www.lacnic.net/lists/policy

Gianina Pensky

Resource Management / Mi LACNIC

Instructors: Rodrigo Zambrana, Sergio Rojas.

Language: español

Last year, LACNIC launched a new resource management system called MiLACNIC, which, in addition to the features currently available (sub-assignments, rDNS delegation, managing users, etc.), centralizes payments and the Resource Certification System (RPKI).

The main goal of this tutorial is for participants to gain an in-depth understanding of MiLACNIC's features and how to use them.

It has been designed for representatives of organizations that are already members of LACNIC and have been assigned IPv4 and/or IPv6 resources directly by LACNIC.

Participants who are technically responsible for a LACNIC member organization can log on to LACNIC's Resource Management System with their corresponding username and password.

No computers will be available in the room for this tutorial, so participants are advised to bring a laptop, tablet, or any other Internet-enabled device.

Important:
Because LACNIC NIRs use a different platform, the material shown during the presentation is not available for members of organizations in Brazil and Mexico.

DNSSEC

Instructors: Mauricio Vergara, Sebastián Castro, Mauricio Oviedo, Hugo Salgado

Language: español

Goal:
Using a practical approach, to explain the basics of DNSSEC for operators, how to sign a zone and how to configure a validating resolver. The tutorial has been designed with a format that includes presentations and live demos, and instructors will be open to comments and questions during their talks.

Requirements:
Participants must have basic knowledge or normal DNS operation and systems configuration. (?)

Program:
  14:00 - 15:00: The Basics of DNSSEC, presented by Mauricio Vergara
  15:00 - 16:00: Zone Signing, by Sebastián Castro
  16.00 - 16:30: Coffee Break
  16:30 - 17:30: Validation in Resolvers, presented by Mauricio Oviedo
  17:30 - 18:00: The Future of DNSSEC, presented by Hugo Salgado

Sebastián Castro

BGP/RPKI

Instructors: Mariela Rocha, Gerardo Rada, Erika Vega, Guillermo Cicileo.
Language: Spanish

The BGP protocol plays a critical role in Internet communications. It facilitates the exchange of information over IP networks and communications between autonomous systems (AS). Therefore, it is necessary to understand BGP and be aware of its vulnerabilities, as its operation in the context of the global Internet involves certain aspects that in recent times have increased their complexity due to certain security events such as route hijacking and route leaks.
This tutorial comprises several parts. During the morning session, instructors will present the basics of the BGP protocol, as well as current recommendations and best practices for both carrier/ISP environments and end-user organizations. Participants will also work on practical activities focusing on inter-domain and intra-domain scenarios:

• Basic routing configuration
• Routing announcements
• Filter creation

In the afternoon session, we will present some of the new trends in routing security, specifically origin validation using resource certification (RPKI).

• Route hijacking and leaks
• Resource certification (RPKI)
• Practice in creating ROAs

Requirements:

• Laptop computer with Virtual Box version 5.2.18
• Admin credentials for the Mi LACNIC platform for the hands-on activities participants will complete in the second session.

part 1

part 2

part 3

part 4

Mariela Rocha

Guillermo Cicileo

Peering

Instructors: Arturo Servín, Carlos Martínez, Guillermo Cicileo

Language: español

Description:

This tutorial will analyze the basics of Traffic Exchange, Peering and CDNs and discuss their business relationships as well as relevant technical aspects.

Specific topics to be addressed in this workshop include how, who with, and where to implement peering relationships, what type of traffic exchanges should be used, how to analyze network traffic in order to make better interconnection decisions, where to register peering sites and polices, and best practices for using BGP for peering.

Participants are expected to have a working knowledge of BGP.

 Equipment Hardening and MANRS: Theory and Practice

Instructors: Eduardo Morales, Tiago Nakamura e Lucimara Desiderá

Description:

Maintaining the proper functioning of their autonomous systems is crucial for many different institutions, particularly for Internet access providers.
Every day, security incidents occur that affect the performance of Internet service providers, generating additional costs due to downtime, debugging and having to reconfigure equipment, and even due to spurious traffic caused by denial-of-service attacks originated by devices within the network itself.

One of the main reasons for the success of these attacks is the lack of attention to security settings and the countless vulnerabilities present in network devices.

Considering this scenario, the goal of this tutorial is to provide guidelines on device hardening and to share the security best practices included in the MANRS document, so that providers can protect their networks and the Internet as a whole. The activity will include a presentation (theory) and a laboratory on network emulation software EVE-ng. (Participants must each bring their own notebook computer)

Eduardo Morales

Tiago Nakamura