Skip to main content
PETALING JAYA, MALAYSIA 19 – 27 February 2025
APRICOT 2025 logo
Kite graphics

APRICOT MasterClass

Background

Following the conclusion in 2000 of the INET Network Training Workshops, led by the Internet Society, APRICOT pioneered the introduction of network operator training at network operator group events in the Asia Pacific region, with its first participant training workshops held at APRICOT 2001 in Kuala Lumpur. Ever since then, APRICOT has been offering introductory and intermediate level training during the APRICOT Summit.

As more and more network operator groups started offering training during their events, and organisations such as APNIC have greatly expanded their training activity across the region in the last decade or more, the APNOG Board reviewed how APRICOT’s training activity should continue its development. This review concluded that the pioneering work has been a resounding success, but that the bar needs to be raised, to offer training in advanced topics not normally covered by the regular activities across the region.

As from APRICOT 2024, the workshop activity was relaunched as APRICOT MasterClass, a specialised activity, covering 3 distinct topics taught in parallel over 3 days. Participant prerequisites include having an existing skill set in the topic selected, with the instructors requiring proof of experience before participants may join the training.

APRICOT 2025 offers three MasterClasses:

  1. Advanced BGP
  2. Practical Virtualization with Hybrid Strategies
  3. KINDNS: DNS & DNSSEC operational best practices to improve the DNS Ecosystem

MasterClass participants must attend all 3 days of their chosen MasterClass. It is not possible to change topics once the MasterClass has started.

MasterClass 1 - Advanced BGP

Instructors:

Aftab Siddiqui (APNIC Foundation), Mark Duffell (Telstra), Phil Mawson (Vocus), Tashi Phuntsho (Flexoptix)

Abstract

After successfully conducting beginner and intermediate BGP courses over the past few years, we've recognized the growing need to delve deeper into the subject. This year, we've decided to shift our focus to an advanced level, catering to professionals who are looking to further refine their expertise.

In this intensive workshop, participants will dive deep into the world of Border Gateway Protocol (BGP). While attendees are expected to have a basic understanding of BGP, its working mechanisms, attributes, and some hands-on experience, the course will provide a comprehensive exploration into detailed configurations and advanced features. Attendees will gain hands-on experience with BGP configuration, delve into advanced scaling techniques, and familiarize themselves with best practices, including MANRS principles for secure routing. Additionally, the workshop will cover aspects of BGP traffic engineering, automation, multihoming, and strategies for effective load balancing. By the end, participants will be well-equipped to leverage BGP communities in multi-IXP environments, optimizing their network routing policies and embracing remote peering capabilities.

Agenda Overview:

  • Introduction to BGP [Quick Overview of BGP]
  • BGP basics: [BGP messages, BGP path selection]
  • BGP Configuration [Router configuration for BGP (looking at various commands), BGP neighbor relationships (stages/states for troubleshooting)]
  • BGP Advanced Features [Route aggregation and summarization, BGP communities and attributes]
  • BGP Scaling Techniques [Route reflectors, Strategies for efficient route selection, Redundancy]
  • BGP Best Practices / MANRS [Route advertisement and filtering]
  • BGP Traffic Engineering and Automation [Automating Traffic engineering policies and route manipulation]
  • BGP Multihoming and Load Balancing [Strategies and challenges, Load balancing techniques using BGP]
  • BGP Communities and Multi-IXP Policies [Remote Peering, Leveraging BGP communities for multi-IXP routing policies]

Maximum Number of Participants: 32

Participant Prerequisites

Participants must be proficient with a router command line interface, have a good understanding of OSPF or IS-IS, as well as extensive experience with using BGP in an operational network.

Please note: participants are required to bring laptops with a modern web browser installed (Chrome/Firefox/Safari/Opera/Edge)

MasterClass 2 - Practical Virtualisation with Hybrid Strategies

Instructors:

Hervey Allen (NSRC), Brian Candler (NSRC), Carlos Armas (NSRC), Paul Ooi Cong Jen (Takizo Solutions Sdn Bhd)

Abstract

During this three-day technical workshop, we will discuss the realities among the many aspects of selecting a virtualisation solution for your organization. In some cases, a local solution is preferred or the primary option available, while in others, cloud solutions are considered or preferred. There is no simple answer for everyone. In addition, solutions should be based on understanding many factors, such as cost, authentication, access control, application development and deployment strategies, data and risk management strategies, types of file systems available, and much more. Choosing well between cloud, self-hosted virtualisation, or hybrid solutions requires understanding the aspects of all these issues and more.

We will present, demonstrate, and complete labs on the virtualisation themes of:

  • Hypervisors (including Proxmox with KVM)
  • Containers (Proxmox/LXD system containers and Docker application containers)
  • Block storage (HDD and SSD, LVM, RAID, iSCSI)
  • File storage (consistency, ZFS, snapshots, and replication, NFS/CIFS)
  • Object storage (Amazon's S3 API with a focus on the client side)
  • Distributed storage (Scalable/Replicated. Ceph: rbd, cephfs, radosgw)
  • Public cloud solutions (Focus on AWS with short references to Google, Azure, smaller options like Linode, Backblaze, Cloudflare)
  • Public cloud management (authentication, access control, cost control, IP address management)
  • Application development (CI/CD, containerisation, develop and test environments)
  • Application deployment (config mgmt e.g., ansible, stack management e.g., terraform, container management e.g., kubernetes)
  • Data and risk management (backups and recovery, monitoring, security)

Instructors have experience in these areas and will share their practical, hands-on experiences with both locally hosted and public cloud-based solutions. The workshop will use a virtual training platform where numerous concepts can be installed, configured, used, and reviewed hands-on to provide some practical experience with possible solutions you may be considering or already have.

The goal of this workshop is to provide knowledge to assist with possible decisions you or your organization may be working towards, as well as share with everyone practical knowledge of solutions already implemented by the instructors and others in the class. Knowledge shared among peers greatly benefits in-person, interactive workshops like this one.

By the end of this workshop, you should better understand possible solutions you could implement for your particular organizational needs, resources, and location.

Pre-requisites

Required

The one key prerequisite is that participants should have some experience with a virtualisation environment, whether it be local with solutions like VMWare, VirtualBox, KVM, QEMU, libvirt, Hyper-V or with at least one cloud solution like AWS, Google Cloud Platform, Azure, or many others.

Minimum Experience

This workshop assumes a fundamental understanding of network protocols and terms, such as TCP/IP, ICMP, IPv4, IPv6 as well as understanding of operating systems like Linux/Unix and/or Windows and how they are implemented and run. Introductory sessions in these areas are not part of the workshop.

Useful Experience

Here are some useful experiences to better give participants an idea of the type of system, security, and network topics that will be covered while discussing the many areas involved in a practical virtualisation workshop.

  • System administration or use of operating systems like Unix, Linux, Windows, and/or macOS (Unix).
  • Understanding of core functionality of operating system file systems.
  • Experience with or understanding of the concepts of RAID (RAID 1, 5, 1+0, etc.)
  • Understanding of TCP/IP as well IPv4 and IPv6 and basic understanding of how packets are routed on the Internet.
  • Understanding of the core concepts of encryption, why it is used, and how it is used, including the use of SSH and configuration of SSL.
  • Use of or knowledge about databases such as some form of SQL or other relational or non-relational data stores.
  • Programming experience of some kind and preferably some shell scripting or understanding of how shell scripts work.
  • Use of or understanding how an API works.

Please note: participants are required to bring laptops

MasterClass micro-site

Maximum Number of Participants: 32

MasterClass 3 - KINDNS: DNS & DNSSEC operational best practices to improve the DNS Ecosystem

Instructors:

Philip Paeps (NSRC), Nyamkhand Buluukhuu (Mobinet)

Abstract

DNS is not just for ccTLDs. This three-day hands-on workshop covers best practices for effectively managing DNS & DNSSEC day to day in deployments of all sizes. Participants learn about the KINDNS guidelines – best practices agreed on by DNS practitioners for various classes of deployments: from authoritative leaf zones, to large-scale shared public resolvers, to ccTLDs. This workshop is aimed at anyone running a DNS server – whether a recursive resolver for themselves, an ISP, or an enterprise, or authoritative service for one to a million zones. Everyone needs DNS.

The workshop will begin with a very brief refresher on the finer points of the DNS & DNSSEC protocols (TTLs, signature algorithms, EDNS0), but quickly move on to hands-on work, including:

  • Monitoring production DNS servers
  • Performance and capacity planning
  • Preventing and recovering from DNSSEC disasters
  • Key rollovers and algorithm rollovers

After this workshop, participants will have a better understanding of how DNS servers work. And how they fail. And how to fix them when they fail.

Minimum experience

This is a hands-on workshop taught in a virtual lab environment.

Participants are required to be familiar with DNS & DNSSEC theory and basic systems administration. This workshop will not cover basics. Participants are expected to bring a laptop and know how to use it. The lab is taught in a virtual environment accessed via a web browser and SSH.

Candidates should know how to install software packages in a Unix-like or Linux environment, and be familiar with elementary systems administration: starting and stopping processes, finding and examining log files, etc.

Maximum Number of Participants: 32