Skip to main content

Advanced Training

Background

Following the conclusion in 2000 of the INET Network Training Workshops, led by the Internet Society, APRICOT pioneered the introduction of network operator training at network operator group events in the Asia Pacific region, with its first participant training workshops held at APRICOT 2001 in Kuala Lumpur. Ever since then, APRICOT has been offering introductory and intermediate level training during the APRICOT Summit.

As more and more network operator groups started offering training during their events, and organisations such as APNIC have greatly expanded their training activity across the region in the last decade or more, the APNOG Board reviewed how APRICOT’s training activity should continue its development. This review concluded that the pioneering work has been a resounding success, but that the bar needs to be raised, to offer training in advanced topics not normally covered by the regular activities across the region.

As from APRICOT 2024, the workshop activity is being relaunched as Advanced Training, a specialised activity, covering 3 distinct topics taught in parallel over 3 days. Participant prerequisites include having an existing skill set in the topic selected, with the instructors requiring proof of experience before participants may join the training.

Advanced Training 1 - Cyberwar Defence

Instructors: Roland Dobbins (Netscout), Barry Greene

Abstract

Cyberwar Defence - Prepare your Organization to be Resilient under Persistent Threats

ISPs, Telcos, Cloud, and Service Providers are the Internet’s battlespace. State, Criminal, and other threat actors are vested in getting inside ISPs, planting their malware, tapping into the data, and being ready to execute their “disruptive operations.”

Experienced Threat Actors do not wait until there is a cyberwar to start their activities. They move into networks yesterday, today, and tomorrow, integrating their tools. Assume these threat actors are inside your organization now.

  • How do you find the threat actors in your network today?
  • What can you do to get them off your network?
  • Why are they in your network?
  • Where can you get help to knock them off your network?
  • When can we ever be safe from these threat actors?

This workshop empowers network and system practitioners to defend their networks, build resiliency playbooks, and institute practices that resist threat actors. The workshop would focus on one:

Malware & Advance Persistent Threat (ATP) resiliency architectures. Large organizations require multiple defensive architectures to resist threat actors getting into the infrastructure, installing malware, planting “persistent” tools, and laterally moving through the networks. These modules help workshop participants return to their organizations and start taking action with what they have today.

Incident Response Plans, Playbooks, and Exercises. Expect the unexpected. Workshop participants will be guided to build example incident playbooks that would be a template for their organization. Several tabletop exercises would be used to help participants grasp the principles and put them into action.

Essential Security Habits that Find, Respond, and Mitigate the Threats. A castle wall is useless if no one is watching, guarding, maintaining, or patrolling. Daily Security Habits are the core reason seasoned organizations find threat actors before the threat is activated. This module will review many of the most effective daily/weekly/monthly security habits that have proven effective.

Maximum Number of Participants: 30

Participant Pre-requisites:

Seasoned Network, DevOps, Systems, and other technical practitioners. Reviewing past APRICOT and other security workshops would be essential to understanding many of the tools that are used in this workshop.

Advanced Training 2 - Practical Virtualisation with Hybrid Strategies

Instructors: Hervey Allen (NSRC), Carlos Armas (NSRC), Brian Candler (NSRC), Bob Rotsted (NSRC)

Abstract

During this three-day technical workshop, we will discuss the realities among the many aspects of selecting a virtualisation solution for your organization. In some cases, a local solution is preferred or the primary option available, while in others, cloud solutions are considered or preferred. There is no simple answer for everyone. In addition, solutions should be based on understanding many factors, such as cost, authentication, access control, application development and deployment strategies, data and risk management strategies, types of file systems available, and much more. Choosing well between cloud, self-hosted virtualisation, or hybrid solutions requires understanding the aspects of all these issues and more.

During the three days, we will present, demonstrate, and complete labs on the virtualisation themes of:

  • Hypervisors (including Proxmox with KVM)
  • Containers (Proxmox/LXD system containers and Docker application containers)
  • Block storage (HDD and SSD, LVM, RAID, iSCSI)
  • File storage (consistency, ZFS, snapshots, and replication, NFS/CIFS)
  • Object storage (S3 API with a focus on the client side)
  • Distributed storage (Scalable/Replicated. Ceph: rbd, cephfs, radosgw)
  • Public cloud solutions (AWS, Google, Azure, smaller options like Linode, Backblaze, Cloudflare)
  • Public cloud management (authentication, access control, cost control, IP address management)
  • Application development (CI/CD, containerisation, develop and test environments)
  • Application deployment (config mgmt e.g., ansible, stack management e.g., terraform, container management e.g., kubernetes)
  • Data and risk management (backups and recovery, monitoring, security)
  • Choosing the right strategy for your organization: cloud, self-hosting, or hybrid.

Instructors have experience in these areas and will share their practical, hands-on experiences with both locally hosted and public cloud-based solutions. The workshop will use a virtual training platform where numerous concepts can be installed, configured, used, and reviewed hands-on to provide some practical experience with possible solutions you may be considering or already have.

The goal of this workshop is to provide knowledge to assist with possible decisions you or your organization may be working towards, as well as share with everyone practical knowledge of solutions already implemented by the instructors and others in the class. Knowledge shared among peers greatly benefits in-person, interactive workshops like this one.

By the end of this workshop, you should better understand possible solutions you could implement for your particular organizational needs, resources, and location.

Pre-requisites

Required

The one key prerequisite is that participants should have some experience with a virtualisation environment, whether it be local with solutions like VMWare, VirtualBox, KVM, QEMU, libvirt, Hyper-V or with at least one cloud solution like AWS, Google Cloud Platform, Azure, or many others.

Minimum Experience

This workshop assumes a fundamental understanding of network protocols and terms, such as TCP/IP, ICMP, IPv4, IPv6 as well as understanding of operating systems like Linux/Unix and/or Windows and how they are implemented and run. Introductory sessions in these areas is not part of the workshop.

Useful Experience

Here are some useful experiences to better give participants an idea of the type of system, security, and network topics that will be covered while discussing the many areas involved in a practical virtualisation workshop.

  • System administration or use of operating systems like Unix, Linux, Windows, and/or macOS (Unix).
  • Understanding of core functionality of operating system file systems.
  • Experience with or understanding of the concepts of RAID (RAID 1, 5, 1+0, etc.)
  • Understanding of TCP/IP as well IPv4 and IPv6 and basic understanding of how packets are routed on the Internet.
  • Understanding of the core concepts of encryption, why it is used, and how it is used, including the use of SSH and configuration of SSL.
  • Use of or knowledge about databases such as some form of SQL or other relational or non-relational data stores.
  • Programming experience of some kind and preferably some shell scripting or understanding of how shell scripts work.
  • Use of or understanding how an API works.

Link to Workshop micro-site

Maximum Number of Participants: 32

Please note: participants are required to bring laptops with a modern web browser installed (Chrome/Firefox/Safari/Opera/Edge)

Advanced Training 3 - Advanced BGP

Instructors: Aftab Siddiqui (Internet Society), Phil Mawson (Vocus)

Abstract

After successfully conducting beginner and intermediate BGP courses over the past few years, we've recognized the growing need to delve deeper into the subject. This year, we've decided to shift our focus to an advanced level, catering to professionals who are looking to further refine their expertise.

In this intensive workshop, participants will dive deep into the world of Border Gateway Protocol (BGP). While attendees are expected to have a basic understanding of BGP, its working mechanisms, attributes, and some hands-on experience, the course will provide a comprehensive exploration into detailed configurations and advanced features. Attendees will gain hands-on experience with BGP configuration, delve into advanced scaling techniques, and familiarize themselves with best practices, including MANRS principles for secure routing.

Additionally, the workshop will cover aspects of BGP traffic engineering, automation, multihoming, and strategies for effective load balancing. By the end, participants will be well-equipped to leverage BGP communities in multi-IXP environments, optimizing their network routing policies and embracing remote peering capabilities.

Agenda Overview:

  • Introduction to BGP [Quick Overview of BGP]
  • BGP basics: [BGP messages, BGP path selection]
  • BGP Configuration [Router configuration for BGP (looking at various commands), BGP neighbor relationships (stages/states for troubleshooting)]
  • BGP Advanced Features [Route aggregation and summarization, BGP communities and attributes]
  • BGP Scaling Techniques [Route reflectors, Strategies for efficient route selection, Redundancy]
  • BGP Best Practices / MANRS [Route advertisement and filtering]
  • BGP Traffic Engineering and Automation [Automating Traffic engineering policies and route manipulation]
  • BGP Multihoming and Load Balancing [Strategies and challenges, Load balancing techniques using BGP]
  • BGP Communities and Multi-IXP Policies [Remote Peering, Leveraging BGP communities for multi-IXP routing policies]

Maximum Number of Participants: 32

Participant Prerequisites:

Participants must be proficient with a router command line interface, have a good understanding of OSPF or IS-IS, as well as extensive experience with using BGP in an operational network.

Please note: participants are required to bring laptops with a modern web browser installed (Chrome/Firefox/Safari/Opera/Edge)