draft-lewis-infrastructure-security-00.txt Infrastructure Protection BCP Darrel Lewis, James Gill, Paul Quinn, Peter Schoenmaker


Introduction
- Infrastructure protection best practices
  – List of what is being done today
- Expected beneficiaries are both operators and end customers
- Draft is mostly focused on traffic to the network rather than transit traffic
- Complements BCP 38/84

Edge Infrastructure ACLs
- Key for protecting the SP network from external attack traffic targeting the core infrastructure
- First line of defense – commonly deployed and very effective in practice
- Draft describes ACL composition and provides a guide to implementation

Edge Remarking
- Ensures QoS policy supports security posture
- Advise edge remarking for ingress traffic
  – Ex. Prec 6/7 should never be seen on transit traffic
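The edge policy from the two slides above (infrastructure ACL plus ingress remarking), sketched as an added example that is not taken from the draft or the slides. The prefixes are constructed documentation ranges, `TRUSTED_SOURCES` and the function names are hypothetical, and remarking to DSCP 0 is an assumed policy choice.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not from the draft.
INFRA_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]       # SP core/loopback space
TRUSTED_SOURCES = [ipaddress.ip_network("198.51.100.0/28")]   # hypothetical peers/NOC

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def edge_ingress(src, dst, tos):
    """Evaluate one packet arriving on an external edge interface.

    Returns (action, tos_out). tos is the 8-bit IPv4 ToS byte:
    top 3 bits = IP precedence, top 6 = DSCP, low 2 = ECN.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(d, INFRA_PREFIXES):
        # Infrastructure ACL: only explicitly permitted sources may address
        # the core. Their marking is left alone, since control traffic sent
        # to a router can legitimately carry precedence 6.
        if _in_any(s, TRUSTED_SOURCES):
            return ("permit-to-infra", tos)
        return ("drop", tos)
    # Transit traffic: precedence 6/7 should never be seen here, so remark
    # it to DSCP 0 (assumed policy) while preserving the ECN bits.
    if (tos >> 5) >= 6:
        tos &= 0x03
    return ("permit-transit", tos)

def summarize(packets):
    """Count actions and remarked packets over (src, dst, tos) tuples."""
    stats = {"drop": 0, "permit-to-infra": 0, "permit-transit": 0, "remarked": 0}
    for src, dst, tos in packets:
        action, tos_out = edge_ingress(src, dst, tos)
        stats[action] += 1
        stats["remarked"] += tos_out != tos
    return stats

# Constructed sample traffic.
SAMPLE = [
    ("203.0.113.9", "192.0.2.1", 0x00),      # outsider -> core router
    ("198.51.100.2", "192.0.2.1", 0xC0),     # permitted peer, precedence 6
    ("203.0.113.9", "203.0.113.200", 0xC1),  # transit, precedence 6 + ECN
    ("203.0.113.9", "203.0.113.200", 0xB8),  # transit, EF (precedence 5)
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```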

Device Protection
- Allows for aggregate security policy implementation for control and management traffic sent to a device
- Used in addition to service specific security tools like VTY ACLs
- Draft describes policy composition and provides a guide to implementation

Infrastructure Hiding
- Advanced technique for protecting core resources by denying reachability
  – You can’t attack what you can’t target
- Draft covers multiple mechanisms
  – Use less IP
  – MPLS techniques
  – IGP configuration techniques
  – Route advertisement filtering and control

IPv6
- This section discusses the applicability of the other sections to IPv6 networks
- Network infrastructure is enabled with this today
- No new techniques

Multicast needs love too
- Often overlooked
- Multicast requires different techniques from unicast
- Covers techniques such as:
  – Filtering protocol/data
  – Rate limiting

Next Steps
- Incorporate feedback from list on next revision (01)
- Accept Draft as working group document?