Interesting Peering Activities at the Exchange Points. Naiming Shen, Cisco Systems. Nanog 14, Atlanta.

Presentation transcript:

Slide 1: Interesting Peering Activities at the Exchange Points. Naiming Shen, Cisco Systems. Nanog 14, Atlanta.

Slide 2 (11/9/98, Nanog 14, Atlanta): Peering Activities at NAPs During the Summer of 1997
- Pointing default
- Rewrite eBGP nexthop
- Passing third party nexthop
- Misconfiguration

Slide 3: Case #1: Rewrite eBGP Nexthop
[Diagram; labels: Private Peering, ISP 1, ISP 2, ISP 3, iMCI, cpe2, Mae-East NAP, ACLs]

Slide 4: Case #1 (continued)
- Netflow showed 15% extra traffic from a single subnet
- traceroute -g showed the traffic coming to us
- Install a static route of 212.x.x.x pointing to this router, and traceroute stopped at ISP1
- Install the route in BGP, and traceroute showed it coming back to us
- Thus this router of ISP3 had to be rewriting the eBGP nexthop based on the AS numbers
- This could not be misconfiguration or a simple pointing default. Also, this was not just used towards iMCI.

Slide 5: Case #1 (continued)
- Install a packet filter on one of the links
- Install the packet filter on both links, which forced the traffic to go to ISP2
- After the filter was removed, it came back
- A new packet filter was applied

Slide 6: Case #1 (continued)
ACL 123:
    access-list 123 permit icmp x.x.x any
    access-list 123 permit udp x.x.x any gt
    access-list 123 permit udp x.x.x any eq 53
    access-list 123 deny ip x.x.x any
    access-list 123 permit ip any any
The new filter was there for four days.

Slide 7: Case #2: Passing 3rd Party Nexthop
[Diagram; labels: ISP 4, ISP 5, iMCI, Peering, NAP LAN, traffic, Peering/customer]

Slide 8: Case #2 (continued)
- Netflow did not find this case
- Even if you can rewrite the nexthop to your peer's address, you can't stop your peer passing your nexthop to the 3rd party
- route-map command: set ip next-hop peer-address
- Use "next-hop-self"

Slide 9: Case #3: Pointing Default
[Diagram; labels: ISP 6, ISP 7, iMCI, internetMCI.net]

Slide 10: Case #3 (continued)
- It first pointed to ISP6, then to iMCI
- Reverse DNS lookup was xxx.internetmci.net
- SNMP query had default route MIB value: ip.ipRouteTable.ipRouteEntry.ipRouteNexthop = IpAddress:
- After we exchanged some , they pointed to someone else

Slide 11: Case #4: Tunneling
[Diagram; labels: ISP 8, ISP 9, GRE, NAP1, NAP2]

Slide 12: Case #4 (continued)
[Diagram; labels: ISP 10, ISP 11, Upstream Provider, NAP3, E1, E3]

Slide 13: Other Activities
- Run IGP at the NAPs
- Run Native Multicast
- Inconsistent route announcement at different peering points
- Run CDP

Slide 14: Detection
- Netflow stats for reverse route lookup and traffic matrix
- traceroute -g
- If LSR is disabled, use Ping-Pong trace
- MAC address accounting
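One way to turn the Netflow traffic-matrix check on the Detection slide into a script, as an added example that is not part of the original presentation. It assumes flow exports have already been reduced to (ingress peer, destination address, bytes) and that traffic from an exchange-point peer should only be destined to prefixes announced to that peer; peer names, prefixes, flow values and the 5% threshold are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: prefixes we announce to each exchange-point peer
# (documentation address space; peer names are hypothetical).
ANNOUNCED = {
    "peer-A": ["198.51.100.0/24", "203.0.113.0/24"],
    "peer-B": ["198.51.100.0/24"],
}

# Constructed flow summaries for traffic received on the NAP interface:
# (ingress peer, destination address, bytes). In practice the ingress peer
# would be derived from the source MAC or input interface of the flow record.
FLOWS = [
    ("peer-A", "198.51.100.10", 8500),
    ("peer-A", "192.0.2.77", 1500),   # destination never announced to peer-A
    ("peer-B", "198.51.100.20", 4000),
    ("peer-B", "198.51.100.99", 1000),
]


def unannounced_share(flows, announced):
    """Return {peer: fraction of received bytes sent to unannounced prefixes}."""
    nets = {peer: [ipaddress.ip_network(p) for p in prefixes]
            for peer, prefixes in announced.items()}
    total = defaultdict(int)
    stray = defaultdict(int)
    for peer, dst, nbytes in flows:
        total[peer] += nbytes
        addr = ipaddress.ip_address(dst)
        # A peer with no entry in `announced` should be sending us nothing.
        if not any(addr in net for net in nets.get(peer, [])):
            stray[peer] += nbytes
    return {peer: stray[peer] / total[peer] for peer in total if total[peer]}


def suspect_peers(flows, announced, threshold=0.05):
    """Peers whose unannounced-destination share exceeds the threshold."""
    shares = unannounced_share(flows, announced)
    return sorted(peer for peer, share in shares.items() if share > threshold)


if __name__ == "__main__":
    for peer, share in sorted(unannounced_share(FLOWS, ANNOUNCED).items()):
        print(f"{peer}: {share:.0%} of bytes to unannounced destinations")
    print("investigate:", suspect_peers(FLOWS, ANNOUNCED))
```

A peer flagged here is a candidate for the follow-up checks on the same slide (traceroute -g, MAC address accounting), not proof of a pointed default or rewritten nexthop.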

Slide 15: Filtering
- Packet level filtering
- MAC address filtering/rate-limit, sometimes combined with WRED
- Null out offender's routes within your domain

Slide 16: Preventive Measures
- NAP GIGAswitch L2 filtering
- NAP ATM PVCs
- Use "next-hop-self" and reset peer-address
- Remove non-customer routes from NAP routers
- Do not carry NAP subnets in the backbone
- Enforce consistent route announcements