APRICOT MasterClass
Background
Following the conclusion in 2000 of the INET Network Training Workshops, led by the Internet Society, APRICOT pioneered the introduction of network operator training at network operator group events in the Asia Pacific region, with its first participant training workshops held at APRICOT 2001 in Kuala Lumpur. Ever since then, APRICOT has been offering introductory and intermediate level training during the APRICOT Summit.
As more and more network operator groups started offering training during their events, and organisations such as APNIC have greatly expanded their training activity across the region in the last decade or more, the APNOG Board reviewed how APRICOT’s training activity should continue its development. This review concluded that the pioneering work has been a resounding success, but that the bar needs to be raised, to offer training in advanced topics not normally covered by the regular activities across the region.
As from APRICOT 2024, the workshop activity was relaunched as APRICOT MasterClass, a specialised activity, covering 3 distinct topics taught in parallel over 3 days. Participant prerequisites include having an existing skill set in the topic selected, with the instructors requiring proof of experience before participants may join the training.
APRICOT 2026 offers three MasterClasses:
- Advanced BGP
- Practical Virtualization with Hybrid Strategies
- Practical Cybersecurity for Internet Operators
MasterClass participants must attend all 3 days of their chosen MasterClass. It is not possible to change topics once the MasterClass has started.
MasterClass 1 - Advanced BGP
Abstract
After successfully conducting beginner and intermediate BGP courses over the past few years, we've recognized the growing need to delve deeper into the subject. This year, we've decided to shift our focus to an advanced level, catering to professionals who are looking to further refine their expertise.
In this intensive workshop, participants will dive deep into the world of Border Gateway Protocol (BGP). While attendees are expected to have a basic understanding of BGP, its working mechanisms, attributes, and some hands-on experience, the course will provide a comprehensive exploration into detailed configurations and advanced features. Attendees will gain hands-on experience with BGP configuration, delve into advanced scaling techniques, and familiarize themselves with best practices, including MANRS principles for secure routing. Additionally, the workshop will cover aspects of BGP traffic engineering, automation, multihoming, and strategies for effective load balancing. By the end, participants will be well-equipped to leverage BGP communities in multi-IXP environments, optimizing their network routing policies and embracing remote peering capabilities.
Agenda Overview:
- Introduction to BGP [Quick Overview of BGP]
- BGP basics: [BGP messages, BGP path selection]
- BGP Configuration [Router configuration for BGP (looking at various commands), BGP neighbor relationships (stages/states for troubleshooting)]
- BGP Advanced Features [Route aggregation and summarization, BGP communities and attributes]
- BGP Scaling Techniques [Route reflectors, Strategies for efficient route selection, Redundancy]
- BGP Best Practices / MANRS [Route advertisement and filtering]
- BGP Traffic Engineering and Automation [Automating Traffic engineering policies and route manipulation]
- BGP Multihoming and Load Balancing [Strategies and challenges, Load balancing techniques using BGP]
- BGP Communities and Multi-IXP Policies [Remote Peering, Leveraging BGP communities for multi-IXP routing policies]
Maximum Number of Participants: 32
Participant Prerequisites
Participants must be proficient with a router command line interface, have a good understanding of OSPF or IS-IS, as well as extensive experience with using BGP in an operational network.
Please note: participants are required to bring laptops with a modern web browser installed (Chrome/Firefox/Safari/Opera/Edge)
MasterClass 2 - Practical Virtualization with Hybrid Strategies
Abstract
During this three-day technical workshop, we will discuss the realities of selecting a virtualisation solution for your organization. In some cases, a local solution is preferred or the primary option available, while in others, cloud solutions are considered or preferred. There is no simple answer for everyone. In addition, solutions should be based on understanding many factors, such as cost, authentication, access control, application development and deployment strategies, data and risk management strategies, types of file systems available, and much more. Choosing well between cloud, self-hosted virtualisation, or hybrid solutions requires understanding the aspects of all these issues and more.
We will present, demonstrate, and complete labs on the virtualisation themes of:
- Hypervisors (including Proxmox with KVM)
- Containers (Proxmox/LXD system containers and Docker application containers)
- Block storage (HDD and SSD, LVM, RAID, iSCSI)
- File storage (consistency, ZFS, snapshots and replication, NFS/CIFS)
- Object storage (Amazon's S3 API with a focus on the client side)
- Distributed storage (Scalable/Replicated. Ceph: rbd, cephfs, radosgw)
- Public cloud solutions (Focus on AWS with short references to Google, Azure, smaller options like Linode, Backblaze, Cloudflare)
- Public cloud management (authentication, access control, cost control, IP address management)
- Application development (CI/CD, containerisation, develop and test environments)
- Application deployment (configuration management, e.g. Ansible; stack management, e.g. Terraform; container management, e.g. Kubernetes)
- Data and risk management (backups and recovery, monitoring, security)
Instructors have experience in these areas and will share their practical, hands-on experiences with both locally hosted and public cloud-based solutions. The workshop will use a virtual training platform where numerous concepts can be installed, configured, used, and reviewed hands-on to provide some practical experience with possible solutions you may be considering or already have.
The goal of this workshop is to provide knowledge to assist with possible decisions you or your organization may be working towards, as well as share with everyone practical knowledge of solutions already implemented by the instructors and others in the class. Knowledge shared among peers greatly benefits in-person, interactive workshops like this one.
By the end of this workshop, you should better understand possible solutions you could implement for your particular organizational needs, resources, and location.
Pre-requisites
Required
The one key prerequisite is that participants should have some experience with a virtualisation environment, whether local, with solutions like VMware, VirtualBox, KVM, QEMU, libvirt, or Hyper-V, or with at least one cloud solution like AWS, Google Cloud Platform, Azure, or many others.
Minimum Experience
This workshop assumes a fundamental understanding of network protocols and terms, such as TCP/IP, ICMP, IPv4, IPv6 as well as understanding of operating systems like Linux/Unix and/or Windows and how they are implemented and run. Introductory sessions in these areas are not part of the workshop.
Useful Experience
The following experience is useful, and gives participants a better idea of the type of system, security, and network topics that will be covered while discussing the many areas involved in a practical virtualisation workshop.
- System administration or use of operating systems like Unix, Linux, Windows, and/or macOS (Unix).
- Understanding of core functionality of operating system file systems.
- Experience with or understanding of the concepts of RAID (RAID 1, 5, 1+0, etc.)
- Understanding of TCP/IP as well as IPv4 and IPv6 and basic understanding of how packets are routed on the Internet.
- Understanding of the core concepts of encryption, why it is used, and how it is used, including the use of SSH and configuration of SSL.
- Use of or knowledge about databases such as some form of SQL or other relational or non-relational data stores.
- Programming experience of some kind and preferably some shell scripting or understanding of how shell scripts work.
- Use of or understanding how an API works.
Please note: participants are required to bring laptops
Maximum Number of Participants: 32
MasterClass 3 - Practical Cybersecurity for Internet Operators
Abstract
This 3-day MasterClass emphasises skills needed to secure Internet infrastructure from real-world cybersecurity threats. The target audience includes network engineers from industry, Internet Service Providers, stewards of critical Internet infrastructure (ccTLDs), and operators of research and education networks (RENs) who seek to improve the security, resilience, and reliability of their infrastructure.
Pre-requisites
This MasterClass assumes robust familiarity with editing files, installing software, and other day-to-day systems administration tasks on Unix-like operating systems or Linux.
As well as being experienced systems administrators, participants must have operational knowledge and experience of critical networking components such as OSPF or IS-IS, BGP and the Domain Name System (DNS).
Topics
The MasterClass includes presentations and hands-on lab work covering the following topics:
- Security Policies & Compliance
- Layer 1-2-3 best practices
- Physical Infrastructure Security
- Management networks, OOB, configuration best practices
- Switching Architecture best operational practices
- Device security
- Securing and operating routing protocols (IGP and BGP)
- BGP Best Practices
- uRPF, RTBH filtering, BGP Origin Validation & RPKI
- DNSSEC best practices, KINDNS
- Vulnerability management
- Threat detection and mitigation
- Incident response handling
The instructor team have considerable operational experience in these areas. The MasterClass will use a virtual training platform where numerous concepts can be installed, configured, used, and reviewed hands-on to provide some practical experience with possible solutions you may be considering or already have.
The goal of this MasterClass is to provide knowledge to assist with practical operational security needs for the participant and their organisation, as well as giving instructors and participants the opportunity to share their existing approaches. Knowledge shared among peers greatly benefits in-person, interactive courses like this one.
By the end of this MasterClass, participants will have a much better view on how to approach the many security challenges Internet service providers and operators face on today's Internet.
Please note: participants are required to bring laptops